
looking for help with removal of csrss.exe


This topic is locked. 26 replies to this topic.

#1 Regicide

Posted 30 December 2009 - 11:35 AM

Hi there, I should have probably introduced myself first.

Anyways, out of nowhere my computer becomes infected with some ridiculously fake anti-virus software, just as I'm about to leave for work. This was over 3 weeks ago. Now, we've had another computer plugged in for the time being, but now I have this one up again, and currently running on safe mode with networking. Now, here is what I know so far:

The virus has compromised one of the two csrss.exe processes running (it's easy to tell which one, as its size is very large compared to the legit one). Before my internet exploring abilities were disabled on normal mode, whenever I googled csrss.exe removal, it wouldn't allow me to visit this site when I clicked a link to it. Instead, it redirected me elsewhere. The same happened with a few other sites with removal instructions (which didn't work anyway). Now, here's something creepy. As the computer finishes booting, an "update" for whatever fake program it calls itself pops up. Immediately I open a notepad and type in the name of the "program". When I reboot to safe mode, however, the name is gone; it's just a bunch of spaces. Should have written that one on paper.

Sorry for the essay, here's a hijackthis log to start:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:25:01 AM, on 30/12/2009
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16945)
Boot mode: Safe mode with network support

Running processes:
C:\Windows\Explorer.EXE
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\hjt\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://start.shaw.ca
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer Provided by SHAW Internet
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: AIM Toolbar Search Class - {03402f96-3dc7-4285-bc50-9e81fefafe43} - C:\Program Files\AIM Toolbar\aimtb.dll
R3 - URLSearchHook: Winamp Search Class - {57BCA5FA-5DBB-45a2-B558-1755C3F6253B} - C:\Program Files\Winamp Toolbar\winamptb.dll
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O1 - Hosts: ::1 localhost
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - c:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\NppBho.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Winamp Toolbar Loader - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program Files\Winamp Toolbar\winamptb.dll
O2 - BHO: XBTP09888 - {4B63C1DF-F1A6-411f-B218-4EB07EDD3C2B} - C:\PROGRA~1\GREATD~1\GREATD~1.DLL (file missing)
O2 - BHO: ALOT Toolbar - {5AA2BA46-9913-4dc7-9620-69AB0FA17AE7} - C:\Program Files\alot\bin\alot.dll
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: (no name) - {7c5c0f58-e061-457d-9033-77307f5ed00c} - (no file)
O2 - BHO: ShowBarObj Class - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Windows\system32\ActiveToolBand.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.3.4501.1418\swg.dll
O2 - BHO: AIM Toolbar Loader - {b0cda128-b425-4eef-a174-61a11ac5dbf8} - C:\Program Files\AIM Toolbar\aimtb.dll
O2 - BHO: Shareware.Pro-EN Toolbar - {da21bd13-ca22-42e3-a071-98f08f1ca1e7} - C:\Program Files\Peer2Peer-EN\tbPee1.dll
O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - c:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\UIBHO.dll
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Windows\system32\eDStoolbar.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll
O3 - Toolbar: Shareware.Pro-EN Toolbar - {da21bd13-ca22-42e3-a071-98f08f1ca1e7} - C:\Program Files\Peer2Peer-EN\tbPee1.dll
O3 - Toolbar: ALOT Toolbar - {5AA2BA46-9913-4dc7-9620-69AB0FA17AE7} - C:\Program Files\alot\bin\alot.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: AIM Toolbar - {61539ecd-cc67-4437-a03c-9aaccbd14326} - C:\Program Files\AIM Toolbar\aimtb.dll
O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O3 - Toolbar: (no name) - {7c5c0f58-e061-457d-9033-77307f5ed00c} - (no file)
O4 - HKLM\..\Run: [Setresolution] C:\ACERSW\config\1680x1050.cmd
O4 - HKLM\..\Run: [Acer Product Registration] "C:\Program Files\Acer Registration\ACE1.exe" /startup
O4 - HKLM\..\Run: [shawnotify] c:\progra~1\shaw\update\siuloader.exe /notify
O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe"
O4 - HKLM\..\Run: [XoftSpySE] "C:\Program Files\XoftSpySE6\XoftSpySE.exe" -NM -hidesplash
O4 - HKLM\..\Run: [MSConfig] "C:\Windows\system32\msconfig.exe" /auto
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\RunOnce: [Shockwave Updater] C:\Windows\System32\Adobe\SHOCKW~1\SWHELP~1.EXE -Update -1103471 -"Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US; rv:1.9.1.3) Gecko/20090824 Firefox/3.5.3" -"http://www.neopets.com/games/dgs/play_shockwave.phtml?va=&game_id=349&nc_referer=&age=1&hiscore=&sp=0&questionSet=&r=8077419&width=600&height=440&quality=high"
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [Acer Tour Reminder] C:\Acer\AcerTour\Reminder.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Acer Tour Reminder] C:\Acer\AcerTour\Reminder.exe (User 'Default user')
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: Shaw Support.lnk = C:\Program Files\shaw\bin\shawsupport.exe
O8 - Extra context menu item: &AIM Toolbar Search - C:\ProgramData\AIM Toolbar\ieToolbar\resources\en-US\local\search.html
O8 - Extra context menu item: &Winamp Search - C:\ProgramData\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: AIM Toolbar - {0b83c99c-1efa-4259-858f-bcb33e007a5b} - C:\Program Files\AIM Toolbar\aimtb.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe
O9 - Extra button: (no name) - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {B7D3E479-CC68-42B5-A338-938ECE35F419} - (no file)
O13 - Gopher Prefix:
O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} (Windows Live Hotmail Photo Upload Tool) - http://gfx1.hotmail.com/mail/w4/pr01/photo...NPUplden-ca.cab
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = ,,cg.shawcable.net
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = ,,cg.shawcable.net
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: eDataSecurity Service - Unknown owner - C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe (file missing)
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: XoftSpyService - ParetoLogic Inc. - C:\Program Files\Common Files\XoftSpySE\6\xoftspyservice.exe

--
End of file - 9210 bytes
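The process check described in the post above (two csrss.exe processes, one of them much larger than the other), as an added example that is not part of the thread and not something the BleepingComputer helpers asked for. Two csrss.exe processes are normal on Vista, one per session, so a second copy is not evidence by itself; the image path and signature are. The snippet below lists every process named csrss.exe and flags any whose image is not %SystemRoot%\System32\csrss.exe, whose signature is broken or untrusted, or whose file is far larger than the genuine binary. It assumes PowerShell 2.0 or later and an elevated prompt (WMI cannot read the executable path of a SYSTEM process otherwise); the 100 KB size threshold is an assumption, chosen because the real Vista csrss.exe is only a few kilobytes on disk. It is read-only on purpose: ending the genuine csrss.exe is a critical-process kill, which is exactly the blue screen the poster describes.

```powershell
# Added example, not from the thread. Lists every process named csrss.exe and flags the
# ones that do not look like the genuine Windows Client/Server Runtime. Read-only: it never
# terminates anything, because killing the real csrss.exe blue-screens the machine.
# Assumes PowerShell 2.0 or later and an elevated prompt (needed to read a SYSTEM process's path).

function Test-CsrssProcesses {
    $expected = Join-Path $env:SystemRoot 'System32\csrss.exe'

    Get-WmiObject -Class Win32_Process -Filter "Name = 'csrss.exe'" | ForEach-Object {
        $path = $_.ExecutablePath
        $size = $null
        $sig  = $null
        if ($path -and (Test-Path -LiteralPath $path)) {
            $size = (Get-Item -LiteralPath $path).Length
            $sig  = "$((Get-AuthenticodeSignature -FilePath $path).Status)"
        }

        $reasons = @()
        if (-not $path) {
            $reasons += 'executable path unreadable (run from an elevated prompt)'
        } elseif ($path -ne $expected) {
            $reasons += "unexpected image path $path"
        }
        # Older PowerShell reports catalog-signed Windows binaries as NotSigned, so only a
        # broken or untrusted signature counts; NotSigned at the expected path is inconclusive.
        if ($sig -and @('Valid', 'NotSigned') -notcontains $sig) {
            $reasons += "signature status $sig"
        }
        # The genuine Vista csrss.exe is a few kilobytes on disk; 100 KB is an assumed threshold.
        if ($size -and $size -gt 100KB) {
            $reasons += "image is $size bytes on disk"
        }

        New-Object PSObject -Property @{
            ProcessId  = $_.ProcessId
            SessionId  = $_.SessionId
            Path       = $path
            SizeBytes  = $size
            WorkingSet = $_.WorkingSetSize
            Signature  = $sig
            Suspect    = ($reasons.Count -gt 0)
            Why        = ($reasons -join '; ')
        }
    }
}

Test-CsrssProcesses | Format-Table ProcessId, SessionId, Path, SizeBytes, WorkingSet, Signature, Suspect, Why -AutoSize
```

A process that shows up as Suspect here is a lead for the log-based cleanup the helpers run, not a target for Task Manager; if the guess is wrong, killing the flagged process is the same blue screen the poster already hit.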


#2 Regicide (Topic Starter)

Posted 08 January 2010 - 01:04 PM

Hi, I know for certain my computer is very much compromised. However, reading through the various posts here I have hope that it is indeed salvageable, and may not require a format. Having said that, here are some details:

There is malware on my computer that poses as Windows Update (screenshots 1 & 2). It tries to get me to install these "updates," even when I was offline it told me it was downloading updates. Also, the original infection began when a rogue antivirus program popped up, which I believe was called Super Antivirus Pro 2009 or something. Also, it has taken over one of the csrss.exe processes, and whenever I end this process via task manager, I get a blue screen, then reboot. However, in order to get on safe mode with networking to post here (since internet is hijacked), I am FORCED to do this. Since pressing F8 to access the safe boot menu is disabled. I have tried malwarebytes and combofix already, as well as posting a hijackthis log first. Nothing has worked so far. I tried UnHackMe, which only managed to locate a file called "catchme.sys", which couldn't be found upon deletion. Googling catchme.sys leads me to believe I have something much more serious than I thought on my computer, a keystroke logger.

This virus hijacked my internet connection, preventing me from accessing the internet to surf (screenshots 4 & 5), also preventing me from using msn and anything else internet related.

I know you guys are very busy but this problem has persisted for well over a month, and I would just like to get my computer back to normal (with AntiVirus I intend to purchase), rather than shelling out $100 for a reformat on top of that..

1 http://i49.tinypic.com/24q4jg7.jpg
2 http://i49.tinypic.com/n49r0i.jpg
3 http://i47.tinypic.com/uwz2a.jpg
4 http://i48.tinypic.com/mr5pg7.jpg
5 http://i49.tinypic.com/ka4vwo.jpg

Attached is a hijackthis log, which I did under normal user account, after the fake update popped up. The log was created only 15 minutes ago, so it is very much fresh, and I intend to do nothing further, other than continue to use my computer on safe mode, until I can get assistance.

Edit: I think my computer is a zombie :(


Edited by Orange Blossom, 08 January 2010 - 05:33 PM.
Merged topics. ~ OB


#3 myrti (Malware Study Hall Admin)

Posted 09 January 2010 - 11:13 AM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

Please include a clear description of the problems you're having, along with any steps you may have performed so far.

Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.

Even if you have already provided information about your PC, we need a new log to see what has changed since you originally posted your problem.
  • Please download OTL from the following mirror:
  • Save it to your desktop.
  • Double click on the OTL icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Push the Run Scan button.
  • Two reports will open; copy and paste them in a reply here:
    • OTL.txt <-- Will be opened
    • Extra.txt <-- Will be minimized
In the upper right hand corner of the topic you will see a button called Options. If you click on this in the drop-down menu you can choose Track this topic. I suggest you do this and select Immediate E-Mail notification and click on Proceed. This way you will be advised when we respond to your topic and facilitate the cleaning of your machine.

After 5 days if a topic is not replied to we assume it has been abandoned and it is closed.

regards myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

 


#4 Regicide (Topic Starter)

Posted 09 January 2010 - 05:21 PM

Hello and thanks for replying!

Here is some information neatly listed:

- My internet connection has been hijacked. Whenever I log onto normal user account, I cannot use any programs that require my internet connection, including: IE, Firefox, Diablo II, MSN, Digsby, and the various virus scanners that required updating (which had to be done in safe mode w/ networking, where I am logged on right now)
http://i48.tinypic.com/mr5pg7.jpg
http://i49.tinypic.com/ka4vwo.jpg
- So in other words, I can only do internet related stuff on Safe Mode with Networking.
- The virus first made itself aware to me when a phony antivirus popup came out of nowhere, just as I was leaving for work. This happened over a month ago, but it called itself something like AntiVirus Pro 2009. I knew it was a fake, so I shut down the computer immediately, not having time to do anything.
- My Norton 360 or whatever subscription has expired. I planned to purchase new antivirus (maybe you can recommend one). But first I would like to take care of this infection, one way or another.
- The virus now pretends to be Windows Update, and tells me I need to install updates and reset my computer.
http://i49.tinypic.com/24q4jg7.jpg
http://i49.tinypic.com/n49r0i.jpg
- It also injects itself into the csrss process.
http://i47.tinypic.com/uwz2a.jpg
- Programs I have run: Malwarebytes and ComboFix, both of which picked up the remains of AntiVirus Pro 2009, and UnHackMe, which detected a file called "catchme.sys" and told me it was probably dangerous.

And here are the logs requested, created only minutes ago (attached):


Edited by Regicide, 09 January 2010 - 05:22 PM.
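A read-only check of the places a connection hijack of the kind listed above usually lives, as an added example that is not part of the thread and not a substitute for the OTL logs the helper asked for. It gathers the live hosts-file entries (the HijackThis O1 line), the current user's Internet Explorer proxy and PAC settings, and each active adapter's DNS servers and suffix search list (the O17 lines), so the values can be compared between normal mode and Safe Mode with Networking. It assumes PowerShell 2.0 or later and changes nothing. For reference, the single "::1 localhost" O1 entry in the first log is Vista's default IPv6 hosts line and a well-known HijackThis false positive, not a hijack.

```powershell
# Added example, not from the thread. Gathers the settings a browser/DNS hijack usually
# touches so they can be compared with the HijackThis O1 (hosts) and O17 (DNS) lines.
# Read-only; assumes PowerShell 2.0 or later. Run it once in normal mode and once in
# Safe Mode with Networking: a difference between the two runs is itself a lead.

function Get-NetworkHijackIndicators {
    $hostsFile = Join-Path $env:SystemRoot 'System32\drivers\etc\hosts'
    # Every live hosts entry. On Vista the defaults are "127.0.0.1 localhost" and
    # "::1 localhost"; anything else maps a site to an address someone else chose.
    $hostEntries = @(Get-Content -LiteralPath $hostsFile -ErrorAction SilentlyContinue |
        Where-Object { $_ -match '\S' -and $_ -notmatch '^\s*#' })

    # Internet Explorer proxy settings for the current user. A proxy or PAC URL the user
    # never configured is a common way to keep browsers off the network.
    $ieKey = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings'
    $ie = Get-ItemProperty -Path $ieKey -ErrorAction SilentlyContinue

    # DNS servers and suffix search list per active adapter, the O17 equivalent.
    $adapters = @(Get-WmiObject -Class Win32_NetworkAdapterConfiguration -Filter 'IPEnabled = TRUE' |
        ForEach-Object {
            New-Object PSObject -Property @{
                Adapter    = $_.Description
                DnsServers = ($_.DNSServerSearchOrder -join ', ')
                Suffixes   = ($_.DNSDomainSuffixSearchOrder -join ', ')
            }
        })

    New-Object PSObject -Property @{
        HostsEntries  = $hostEntries
        ProxyEnabled  = [bool]$ie.ProxyEnable
        ProxyServer   = $ie.ProxyServer
        AutoConfigURL = $ie.AutoConfigURL
        Adapters      = $adapters
    }
}

$r = Get-NetworkHijackIndicators
'hosts entries:'
$r.HostsEntries
"proxy enabled: $($r.ProxyEnabled)   server: $($r.ProxyServer)   PAC: $($r.AutoConfigURL)"
$r.Adapters | Format-Table Adapter, DnsServers, Suffixes -AutoSize
```

Extra hosts lines, a proxy server or PAC URL the user did not set, or DNS servers that do not belong to the ISP are each worth pasting into the reply alongside the OTL output; the script deliberately does not "fix" any of them, since the helper needs to see the machine as it is.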


#5 myrti (Malware Study Hall Admin)

Posted 09 January 2010 - 05:46 PM

Hi,

please do not attach files, simply post the logs into your reply.

ComboFix is an extremely powerful tool which should only be used when instructed to do so by someone who has been properly trained.
It is intended by its creator to be used under the guidance and supervision of a Malware Removal Expert, not for private use.
Using this tool incorrectly could lead to disastrous problems with your operating system such as preventing it from ever starting again.

Please do not run Combofix on your own


However if you still have C:\combofix.txt I would like to see the content of it.

catchme.sys is part of ComboFix and very probably does not belong to the malware.

regards myrti



#6 Regicide (Topic Starter)

Posted 09 January 2010 - 06:05 PM

Ok, sorry I'll paste logs from now on. Also, I am on safe mode still. If required to log on to normal user to get a log, I will do so.


OTL logfile created on: 09/01/2010 4:17:01 PM - Run 1
OTL by OldTimer - Version 3.1.22.0 Folder = C:\Users\The Lefortes\Desktop
Windows Vista Home Premium Edition (Version = 6.0.6000) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6000.16945)
Locale: 00001009 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy

895.00 Mb Total Physical Memory | 425.00 Mb Available Physical Memory | 47.00% Memory free
9.00 Gb Paging File | 8.00 Gb Available in Paging File | 95.00% Paging File free
Paging file location(s): [Binary data over 100 bytes]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 144.29 Gb Total Space | 8.97 Gb Free Space | 6.22% Space Free | Partition Type: NTFS
Drive D: | 144.04 Gb Total Space | 138.57 Gb Free Space | 96.21% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: THELEFORTES-PC
Current User Name: The Lefortes
Logged in as Administrator.

Current Boot Mode: SafeMode with Networking
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/01/09 16:06:39 | 00,543,232 | ---- | M] (OldTimer Tools) -- C:\Users\The Lefortes\Desktop\OTL.exe
PRC - [2010/01/06 16:18:24 | 00,908,248 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2009/02/06 16:07:48 | 00,027,512 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Contacts\wlcomm.exe
PRC - [2009/01/07 03:06:48 | 02,923,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2006/11/02 03:45:50 | 00,037,376 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wbem\unsecapp.exe


========== Modules (SafeList) ==========

MOD - [2010/01/09 16:06:39 | 00,543,232 | ---- | M] (OldTimer Tools) -- C:\Users\The Lefortes\Desktop\OTL.exe
MOD - [2006/11/02 03:38:57 | 01,648,128 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6000.16386_none_5d07289e07e1d100\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (eDataSecurity Service)
SRV - [2009/10/23 15:58:06 | 00,582,424 | ---- | M] (ParetoLogic Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\XoftSpySE\6\xoftspyservice.exe -- (XoftSpyService)
SRV - [2009/10/01 16:03:14 | 01,858,144 | ---- | M] (Emsi Software GmbH) [Auto | Stopped] -- C:\Program Files\a-squared Free\a2service.exe -- (a2free)
SRV - [2009/07/13 13:02:50 | 00,542,496 | ---- | M] (Apple Inc.) [On_Demand | Stopped] -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service)
SRV - [2009/07/09 11:22:18 | 00,144,712 | ---- | M] (Apple Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2009/06/19 20:15:42 | 00,133,104 | ---- | M] (Google Inc.) [Auto | Stopped] -- C:\Program Files\Google\Update\GoogleUpdate.exe -- (gupdate1c9f14d10769b10) Google Update Service (gupdate1c9f14d10769b10)
SRV - [2009/06/19 20:12:56 | 00,183,280 | ---- | M] (Google) [Auto | Stopped] -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe -- (gusvc)
SRV - [2009/05/27 03:27:04 | 29,262,680 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe -- (MSSQL$SQLEXPRESS) SQL Server (SQLEXPRESS)
SRV - [2009/03/16 13:37:00 | 02,849,844 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\Windows\System32\GameMon.des -- (npggsvc)
SRV - [2009/02/27 10:07:58 | 00,185,640 | ---- | M] (TeamViewer GmbH) [Auto | Stopped] -- C:\Program Files\TeamViewer\Version4\TeamViewer_Service.exe -- (TeamViewer4)
SRV - [2009/01/26 15:31:10 | 01,153,368 | ---- | M] (Safer Networking Ltd.) [Auto | Stopped] -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe -- (SBSDWSCService)
SRV - [2008/12/12 10:17:38 | 00,238,888 | ---- | M] (Apple Inc.) [Auto | Stopped] -- C:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service)
SRV - [2008/12/03 02:08:37 | 00,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2008/11/24 22:31:12 | 00,087,904 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe -- (SQLWriter)
SRV - [2008/11/24 22:31:08 | 00,239,968 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe -- (SQLBrowser)
SRV - [2008/11/24 22:31:08 | 00,045,408 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe -- (MSSQLServerADHelper)
SRV - [2008/11/18 03:00:07 | 01,251,720 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe -- (Symantec Core LC)
SRV - [2008/11/04 01:06:28 | 00,441,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv)
SRV - [2008/01/29 19:38:31 | 00,583,048 | ---- | M] (Symantec Corporation) [Auto | Stopped] -- C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe -- (LiveUpdate Notice Service)
SRV - [2007/09/13 21:17:11 | 00,265,912 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/09/12 20:27:24 | 02,999,664 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_2.EXE -- (LiveUpdate)
SRV - [2007/09/12 20:27:24 | 00,554,352 | ---- | M] (Symantec Corporation) [Auto | Stopped] -- C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe -- (Automatic LiveUpdate Scheduler)
SRV - [2007/07/03 12:40:10 | 00,053,248 | ---- | M] (Acer Inc.) [Auto | Stopped] -- C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe -- (eRecoveryService)
SRV - [2007/04/16 19:48:12 | 00,028,672 | ---- | M] () [Auto | Stopped] -- C:\Acer\Empowering Technology\ePerformance\MemCheck.exe -- (AcerMemUsageCheckService)
SRV - [2007/01/17 12:20:10 | 00,061,440 | ---- | M] (Hewlett-Packard Company) [Auto | Stopped] -- C:\Program Files\Common Files\LightScribe\LSSrvc.exe -- (LightScribeService)
SRV - [2006/12/02 06:17:54 | 02,805,000 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Microsoft Visual Studio 8\Common7\IDE\Remote Debugger\x86\msvsmon.exe -- (msvsmon80)
SRV - [2006/11/20 22:44:32 | 00,107,624 | ---- | M] (Symantec Corporation) [Auto | Stopped] -- c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (LiveUpdate Notice Ex)
SRV - [2006/11/20 22:44:32 | 00,107,624 | ---- | M] (Symantec Corporation) [Auto | Stopped] -- c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (CLTNetCnService)
SRV - [2006/11/20 22:44:32 | 00,107,624 | ---- | M] (Symantec Corporation) [Auto | Stopped] -- c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (ccSetMgr)
SRV - [2006/11/20 22:44:32 | 00,107,624 | ---- | M] (Symantec Corporation) [Auto | Stopped] -- c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (ccEvtMgr)
SRV - [2006/11/20 22:43:42 | 00,046,736 | ---- | M] (Symantec Corporation) [Auto | Stopped] -- c:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe -- (SymAppCore)
SRV - [2006/11/20 22:42:52 | 00,049,296 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- c:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe -- (comHost)
SRV - [2006/11/20 22:42:12 | 00,080,552 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- c:\Program Files\Norton Internet Security\isPwdSvc.exe -- (ISPwdSvc)
SRV - [2006/11/02 06:35:29 | 00,013,312 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\ehome\ehstart.dll -- (ehstart)
SRV - [2006/10/26 15:03:08 | 00,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose)
SRV - [2005/08/02 15:18:49 | 00,086,016 | ---- | M] (CACE Technologies) [On_Demand | Stopped] -- C:\Program Files\WinPcap\rpcapd.exe -- (rpcapd) Remote Packet Capture Protocol v.0 (experimental)


========== Driver Services (SafeList) ==========

DRV - [2009/07/09 11:16:16 | 00,039,424 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usbaapl.sys -- (USBAAPL)
DRV - [2009/03/19 15:32:48 | 00,023,400 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV - [2009/03/11 04:49:27 | 00,717,296 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\sptd.sys -- (sptd)
DRV - [2008/11/18 03:00:58 | 00,123,952 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2008/11/18 03:00:00 | 00,876,112 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\ProgramData\Symantec\Definitions\VirusDefs\20090214.003\NAVEX15.SYS -- (NAVEX15)
DRV - [2008/11/18 03:00:00 | 00,089,104 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\ProgramData\Symantec\Definitions\VirusDefs\20090214.003\NAVENG.SYS -- (NAVENG)
DRV - [2008/10/15 16:46:48 | 00,371,248 | ---- | M] (Symantec Corporation) [Kernel | System | Stopped] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2008/10/15 16:46:48 | 00,099,376 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2008/10/08 01:52:08 | 00,270,384 | ---- | M] (Symantec Corporation) [Kernel | System | Stopped] -- C:\ProgramData\Symantec\Definitions\SymcData\idsdefs\20090129.001\IDSvix86.sys -- (IDSvix86)
DRV - [2008/10/03 16:14:12 | 00,037,936 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\SYMNDISV.SYS -- (SYMNDISV)
DRV - [2008/10/03 16:14:10 | 00,187,952 | ---- | M] (Symantec Corporation) [Kernel | System | Stopped] -- C:\Windows\System32\Drivers\SYMTDI.SYS -- (SYMTDI)
DRV - [2008/10/03 16:14:10 | 00,146,096 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\SYMFW.SYS -- (SYMFW)
DRV - [2008/10/03 16:14:10 | 00,039,984 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\SYMIDS.SYS -- (SYMIDS)
DRV - [2008/10/03 16:14:10 | 00,027,696 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\SYMREDRV.SYS -- (SYMREDRV)
DRV - [2008/10/03 16:14:08 | 00,012,848 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\SYMDNS.SYS -- (SYMDNS)
DRV - [2008/08/14 09:57:42 | 00,074,720 | ---- | M] (Adobe Systems, Inc.) [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\adfs.sys -- (adfs)
DRV - [2007/12/01 01:57:12 | 00,317,616 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\srtspl.sys -- (SRTSPL)
DRV - [2007/12/01 01:57:12 | 00,279,088 | ---- | M] (Symantec Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\srtsp.sys -- (SRTSP)
DRV - [2007/12/01 01:57:12 | 00,043,696 | ---- | M] (Symantec Corporation) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\srtspx.sys -- (SRTSPX)
DRV - [2007/11/02 16:36:10 | 00,018,176 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\motccgp.sys -- (motccgp)
DRV - [2007/09/13 21:46:47 | 00,006,144 | ---- | M] (NewTech Infosystems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NTIDrvr.sys -- (NTIDrvr)
DRV - [2007/06/22 03:34:12 | 01,788,056 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\RTKVHDA.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2007/06/18 16:18:26 | 00,023,680 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\motport.sys -- (motport)
DRV - [2007/06/18 16:18:26 | 00,023,680 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\motmodem.sys -- (motmodem)
DRV - [2007/06/05 05:08:56 | 00,454,520 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\SISGRKMD.sys -- (SiS6350)
DRV - [2007/04/25 17:34:44 | 00,016,680 | ---- | M] (HiTRUST) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\PSDNServ.sys -- (PSDNServ)
DRV - [2007/04/25 17:34:40 | 00,060,712 | ---- | M] (HiTRUST) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\psdvdisk.sys -- (psdvdisk)
DRV - [2007/04/25 17:34:38 | 00,020,776 | ---- | M] (HiTRUST) [File_System | Boot | Running] -- C:\Windows\system32\DRIVERS\psdfilter.sys -- (PSDFilter)
DRV - [2007/01/24 03:08:06 | 00,056,184 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\SISAGPX.sys -- (SISAGP)
DRV - [2007/01/23 21:03:44 | 00,007,680 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\motccgpfl.sys -- (motccgpfl)
DRV - [2007/01/22 02:09:08 | 00,046,592 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SiSGB6.sys -- (SiSGbeLH)
DRV - [2006/12/07 20:12:02 | 00,076,584 | ---- | M] () [Kernel | Auto | Stopped] -- C:\Acer\Empowering Technology\eRecovery\int15.sys -- (int15)
DRV - [2006/11/20 22:45:36 | 00,406,672 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys -- (SPBBCDrv)
DRV - [2006/11/02 03:51:45 | 00,900,712 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql2300.sys -- (ql2300)
DRV - [2006/11/02 03:51:38 | 00,420,968 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adp94xx.sys -- (adp94xx)
DRV - [2006/11/02 03:51:34 | 00,316,520 | ---- | M] (Emulex) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\elxstor.sys -- (elxstor)
DRV - [2006/11/02 03:51:32 | 00,297,576 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpahci.sys -- (adpahci)
DRV - [2006/11/02 03:51:25 | 00,235,112 | ---- | M] (ULi Electronics Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\uliahci.sys -- (uliahci)
DRV - [2006/11/02 03:51:25 | 00,232,040 | ---- | M] (Intel Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iastorv.sys -- (iaStorV)
DRV - [2006/11/02 03:51:00 | 00,147,048 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu320.sys -- (adpu320)
DRV - [2006/11/02 03:50:45 | 00,115,816 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata2.sys -- (ulsata2)
DRV - [2006/11/02 03:50:41 | 00,112,232 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\vsmraid.sys -- (vsmraid)
DRV - [2006/11/02 03:50:35 | 00,106,088 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql40xx.sys -- (ql40xx)
DRV - [2006/11/02 03:50:35 | 00,098,408 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata.sys -- (UlSata)
DRV - [2006/11/02 03:50:35 | 00,098,408 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu160m.sys -- (adpu160m)
DRV - [2006/11/02 03:50:24 | 00,088,680 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvraid.sys -- (nvraid)
DRV - [2006/11/02 03:50:19 | 00,045,160 | ---- | M] (IBM Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nfrd960.sys -- (nfrd960)
DRV - [2006/11/02 03:50:17 | 00,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iirsp.sys -- (iirsp)
DRV - [2006/11/02 03:50:16 | 00,071,784 | ---- | M] (Silicon Integrated Systems) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid4.sys -- (SiSRaid4)
DRV - [2006/11/02 03:50:13 | 00,040,040 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvstor.sys -- (nvstor)
DRV - [2006/11/02 03:50:11 | 00,071,272 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\djsvs.sys -- (aic78xx)
DRV - [2006/11/02 03:50:10 | 00,067,688 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arcsas.sys -- (arcsas)
DRV - [2006/11/02 03:50:10 | 00,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_scsi.sys -- (LSI_SCSI)
DRV - [2006/11/02 03:50:10 | 00,038,504 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid2.sys -- (SiSRaid2)
DRV - [2006/11/02 03:50:10 | 00,037,480 | ---- | M] (Hewlett-Packard Company) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\hpcisss.sys -- (HpCISSs)
DRV - [2006/11/02 03:50:09 | 00,067,688 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arc.sys -- (arc)
DRV - [2006/11/02 03:50:09 | 00,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteraid.sys -- (iteraid)
DRV - [2006/11/02 03:50:07 | 00,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteatapi.sys -- (iteatapi)
DRV - [2006/11/02 03:50:05 | 00,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_sas.sys -- (LSI_SAS)
DRV - [2006/11/02 03:50:05 | 00,035,944 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\symc8xx.sys -- (Symc8xx)
DRV - [2006/11/02 03:50:04 | 00,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_fc.sys -- (LSI_FC)
DRV - [2006/11/02 03:50:03 | 00,034,920 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_u3.sys -- (Sym_u3)
DRV - [2006/11/02 03:49:59 | 00,033,384 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\mraid35x.sys -- (Mraid35x)
DRV - [2006/11/02 03:49:56 | 00,031,848 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_hi.sys -- (Sym_hi)
DRV - [2006/11/02 03:49:53 | 00,028,776 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasas.sys -- (megasas)
DRV - [2006/11/02 03:49:30 | 00,017,512 | ---- | M] (VIA Technologies, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\viaide.sys -- (viaide)
DRV - [2006/11/02 03:49:28 | 00,016,488 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\cmdide.sys -- (cmdide)
DRV - [2006/11/02 03:49:20 | 00,014,952 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\aliide.sys -- (aliide)
DRV - [2006/11/02 02:55:04 | 00,071,552 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\USBAUDIO.sys -- (usbaudio) USB Audio Driver (WDM)
DRV - [2006/11/02 02:51:31 | 00,514,560 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\xnacc.sys -- (xnacc)
DRV - [2006/11/02 02:25:24 | 00,071,808 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)
DRV - [2006/11/02 02:24:47 | 00,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brusbser.sys -- (BrUsbSer)
DRV - [2006/11/02 02:24:46 | 00,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltup.sys -- (BrFiltUp)
DRV - [2006/11/02 02:24:45 | 00,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltlo.sys -- (BrFiltLo)
DRV - [2006/11/02 02:24:44 | 00,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserwdm.sys -- (BrSerWdm)
DRV - [2006/11/02 02:24:44 | 00,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brusbmdm.sys -- (BrUsbMdm)
DRV - [2006/11/02 01:36:50 | 00,020,608 | ---- | M] (N-trig Innovative Technologies) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ntrigdigi.sys -- (ntrigdigi)
DRV - [2006/11/02 01:30:54 | 00,117,760 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\E1G60I32.sys -- (E1G60) Intel®
DRV - [2006/11/02 00:37:21 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\secdrv.sys -- (secdrv)
DRV - [2005/08/02 15:10:13 | 00,032,512 | ---- | M] (CACE Technologies) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\npf.sys -- (NPF)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://start.shaw.ca
IE - HKLM\..\URLSearchHook: {03402f96-3dc7-4285-bc50-9e81fefafe43} - C:\Program Files\AIM Toolbar\aimtb.dll (AOL LLC.)
IE - HKLM\..\URLSearchHook: {57BCA5FA-5DBB-45a2-B558-1755C3F6253B} - C:\Program Files\Winamp Toolbar\winamptb.dll (AOL LLC.)
IE - HKLM\..\URLSearchHook: {da21bd13-ca22-42e3-a071-98f08f1ca1e7} - Reg Error: Key error. File not found


IE - HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-2609790904-3432056047-3330629845-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
IE - HKU\S-1-5-21-2609790904-3432056047-3330629845-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Restore = www.ijji.com
IE - HKU\S-1-5-21-2609790904-3432056047-3330629845-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-2609790904-3432056047-3330629845-1000\..\URLSearchHook: {03402f96-3dc7-4285-bc50-9e81fefafe43} - C:\Program Files\AIM Toolbar\aimtb.dll (AOL LLC.)
IE - HKU\S-1-5-21-2609790904-3432056047-3330629845-1000\..\URLSearchHook: {57BCA5FA-5DBB-45a2-B558-1755C3F6253B} - C:\Program Files\Winamp Toolbar\winamptb.dll (AOL LLC.)
IE - HKU\S-1-5-21-2609790904-3432056047-3330629845-1000\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
IE - HKU\S-1-5-21-2609790904-3432056047-3330629845-1000\S-1-5-21-2609790904-3432056047-3330629845-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Ask"
FF - prefs.js..browser.search.defaulturl: "http://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2706&invocationType=tb50fftrie7&query="
FF - prefs.js..browser.search.order.1: "Ask"
FF - prefs.js..browser.search.selectedEngine: "Ask"
FF - prefs.js..browser.search.suggest.enabled: false
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "yahoo.com|forums.d2jsp.org"
FF - prefs.js..extensions.enabledItems: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.8.20091209.4
FF - prefs.js..keyword.URL: "http://toolbar.ask.com/toolbarv/askRedirect?o=13917&gct=&gc=1&q="
FF - prefs.js..network.proxy.backup.ftp: "74.208.15.170"
FF - prefs.js..network.proxy.backup.ftp_port: 3128
FF - prefs.js..network.proxy.backup.gopher: "74.208.15.170"
FF - prefs.js..network.proxy.backup.gopher_port: 3128
FF - prefs.js..network.proxy.backup.socks: "74.208.15.170"
FF - prefs.js..network.proxy.backup.socks_port: 3128
FF - prefs.js..network.proxy.backup.ssl: "74.208.15.170"
FF - prefs.js..network.proxy.backup.ssl_port: 3128
FF - prefs.js..network.proxy.ftp: "74.208.15.170"
FF - prefs.js..network.proxy.ftp_port: 3128
FF - prefs.js..network.proxy.gopher: "74.208.15.170"
FF - prefs.js..network.proxy.gopher_port: 3128
FF - prefs.js..network.proxy.http: "74.208.15.170"
FF - prefs.js..network.proxy.http_port: 3128
FF - prefs.js..network.proxy.no_proxies_on: "techsmith.com, dtpk.org, google-analytics.com, ollydbg.de, xtendmedia.com, dj-grim.ca, 72.136.12.119, 99.249.250.235, netbsd.org, theamazonbasin.com, lyricstime.com, codeproject.com, europk.se, sparknotes.com, classistatic.com, kijiji.ca, walmartimages.com, walmart.com, pics24h.com, ebaumsworld.com, winnipegmovies.com, d2pk3.com, myspacecdn.com, worldofwarcraft.com, avira.com, ingame.de, skullbox.net, d2help.com, boardreader.com, fileplanet.com, snowball.com, gamespy.com, bidvertiser.com, blizzard.com, diablo3.com, image.com, tv.com, mu.nu, mypetjawa.mu.nu, europk.org, popcornreel.com, winamp.com, about.com, nytimes.com, 2mdn.net, doubleclick.net, dtmpub.com, about.com, 72.136.12.119, dj-grim.com, d2majors.com, 72.136.12.119, encyclopediadramatica.com, blizzard.com, shackvideo.com, hitbox.com, bestbuy.ca, bestbuy.com, futureshop.ca, vistax64.com, mozilla.com, mousepad-d2.com, netterhaufen.de, diablowiki.net, diii.net, d2legit.com, gamefaqs.com, sheppi.org, fallensouffle.com, websudoku.com, zapodaj.net, mahalo.com, funtrivia.com, sharethis.com, zieak.com, akamai.net, peteducation.com, yahoo.com, yimg.com, mikfoss.com, umportal.org, talkingheadtv.com, wordpress.com, electricpig.co.uk, neogaf.com, comscore.com, yellowpages.ca, wikimedia.org, wikipedia.org, liveleak.com, battleforums.com, southparkstudios.com, thewallpapers.org, deviantart.com, gigya.com, rapidshare.com, cruelsociety.net, highforum.net, planetrenders.net, sympatico.ca, fbcdn.net, ffspk.net, msn.com, facebook.com, yieldmanager.com, imageshack.us, geocities.jp, geocities.com, snotr.com, speedyshare.com, askmehelpdesk.com, ebaumsworld.com, kotaku.com, google.com, proxy-list.org, stealthbot.net, clubdragon.org, blizzsector.net, europk.org, ytimg.com, googlevideo.com, tedmontgomery.com, big-boards.com, cafepress.com, fark.com, icio.us, reddit.com, facebook.com, grab.com, share-server.com, feedburner.com, dmdentertainment.com, quantserve.com, digg.com, 
cracked.com, rapidshare.de, pastebin.com, cyberiapc.com, googlesyndication.com, imageshack.us, tinypic.com, winnipegtransit.com, newd2event.net, googlesyndication.com, hotmail.com, dnbshare.com, imageshack.us, photobucket.com, flickr.com, java.com, youtube.com, edgeofnowhere.cc, live.com, msn.com, match.com, live.com, google.ca, ihpk.net, yahoo.com, live.com, runescape.com, msn.ca, msn.com, hcpk.net, bmpk.us, wsd1.org, battle.net, edgeofnowhere.cc, spellingcow.com, microsoft.com, microsoft.ca, windows.com"
FF - prefs.js..network.proxy.share_proxy_settings: true
FF - prefs.js..network.proxy.socks: "74.208.15.170"
FF - prefs.js..network.proxy.socks_port: 3128
FF - prefs.js..network.proxy.ssl: "74.208.15.170"
FF - prefs.js..network.proxy.ssl_port: 3128

FF - HKLM\software\mozilla\Mozilla Firefox 3.5.7\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/01/06 16:18:25 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.7\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/01/06 16:18:25 | 00,000,000 | ---D | M]

[2009/07/19 12:06:55 | 00,000,000 | ---D | M] -- C:\Users\The Lefortes\AppData\Roaming\Mozilla\Extensions
[2009/07/19 12:06:55 | 00,000,000 | ---D | M] -- C:\Users\The Lefortes\AppData\Roaming\Mozilla\Extensions\mozswing@mozswing.org
[2010/01/09 09:39:15 | 00,000,000 | ---D | M] -- C:\Users\The Lefortes\AppData\Roaming\Mozilla\Firefox\Profiles\n90bpjah.default\extensions
[2010/01/07 11:17:09 | 00,000,000 | ---D | M] (Greasemonkey) -- C:\Users\The Lefortes\AppData\Roaming\Mozilla\Firefox\Profiles\n90bpjah.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
[2009/02/18 21:22:27 | 00,000,000 | ---D | M] -- C:\Users\The Lefortes\AppData\Roaming\Mozilla\Firefox\Profiles\n90bpjah.default\extensions\LogMeInClient@logmein.com
[2009/11/16 09:35:16 | 00,001,725 | ---- | M] () -- C:\Users\The Lefortes\AppData\Roaming\Mozilla\Firefox\Profiles\n90bpjah.default\searchplugins\ask.uk.xml
[2009/06/23 08:35:28 | 00,000,681 | ---- | M] () -- C:\Users\The Lefortes\AppData\Roaming\Mozilla\Firefox\Profiles\n90bpjah.default\searchplugins\ask.xml
[2009/08/15 00:08:47 | 00,001,690 | ---- | M] () -- C:\Users\The Lefortes\AppData\Roaming\Mozilla\Firefox\Profiles\n90bpjah.default\searchplugins\shaw.xml
[2010/01/09 09:39:15 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2007/04/16 11:07:12 | 00,180,293 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\npViewpoint.dll

O1 HOSTS File: (371844 bytes) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.0scan.com
O1 - Hosts: 127.0.0.1 0scan.com
O1 - Hosts: 127.0.0.1 www.1000gratisproben.com
O1 - Hosts: 127.0.0.1 1000gratisproben.com
O1 - Hosts: 127.0.0.1 www.1001namen.com
O1 - Hosts: 127.0.0.1 1001namen.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 1-2005-search.com
O1 - Hosts: 12819 more lines...
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - c:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\NppBHO.dll (Symantec Corporation)
O2 - BHO: (Skype add-on (mastermind)) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O2 - BHO: (Winamp Toolbar Loader) - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program Files\Winamp Toolbar\winamptb.dll (AOL LLC.)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (ShowBarObj Class) - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Windows\System32\ActiveToolBand.dll (HiTRUST)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.3.4501.1418\swg.dll (Google Inc.)
O2 - BHO: (AIM Toolbar Loader) - {b0cda128-b425-4eef-a174-61a11ac5dbf8} - C:\Program Files\AIM Toolbar\aimtb.dll (AOL LLC.)
O3 - HKLM\..\Toolbar: (no name) - - No CLSID value found.
O3 - HKLM\..\Toolbar: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Windows\System32\eDStoolbar.dll (HiTRUST)
O3 - HKU\S-1-5-21-2609790904-3432056047-3330629845-1000\..\Toolbar\ShellBrowser: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477E-A7DD-396DB0476E29} - C:\Windows\System32\eDStoolbar.dll (HiTRUST)
O3 - HKU\S-1-5-21-2609790904-3432056047-3330629845-1000\..\Toolbar\WebBrowser: (&Google) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O3 - HKU\S-1-5-21-2609790904-3432056047-3330629845-1000\..\Toolbar\WebBrowser: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477E-A7DD-396DB0476E29} - C:\Windows\System32\eDStoolbar.dll (HiTRUST)
O3 - HKU\S-1-5-21-2609790904-3432056047-3330629845-1000\..\Toolbar\WebBrowser: (AIM Toolbar) - {61539ECD-CC67-4437-A03C-9AACCBD14326} - C:\Program Files\AIM Toolbar\aimtb.dll (AOL LLC.)
O3 - HKU\S-1-5-21-2609790904-3432056047-3330629845-1000\..\Toolbar\WebBrowser: (Winamp Toolbar) - {EBF2BA02-9094-4C5A-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll (AOL LLC.)
O4 - HKLM..\Run: [Acer Assist Launcher] C:\Program Files\Acer Assist\launcher.exe ()
O4 - HKLM..\Run: [Acer Empowering Technology Monitor] C:\Acer\Empowering Technology\SysMonitor.exe ()
O4 - HKLM..\Run: [Acer Product Registration] C:\Program Files\Acer Registration\ACE1.exe (Leader Technologies)
O4 - HKLM..\Run: [AdobeCS4ServiceManager] C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [ccApp] c:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
O4 - HKLM..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [osCheck] c:\Program Files\Norton Internet Security\osCheck.exe (Symantec Corporation)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\QTTask.exe (Apple Inc.)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [shawnotify] c:\Program Files\shaw\Update\siuloader.exe (Shaw Cablesystems)
O4 - HKLM..\Run: [SiSTray] C:\Program Files\SiS VGA Utilities\SiSTray.exe (Silicon Integrated Systems Corporation)
O4 - HKLM..\Run: [Symantec PIF AlertEng] C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe (Symantec Corporation)
O4 - HKLM..\Run: [UnlockerAssistant] C:\Program Files\Unlocker\UnlockerAssistant.exe ()
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [XoftSpySE] C:\Program Files\XoftSpySE6\XoftSpySE.exe (ParetoLogic Inc.)
O4 - HKU\S-1-5-21-2609790904-3432056047-3330629845-1000..\Run: [BitTorrent DNA] C:\Program Files\DNA\btdna.exe (BitTorrent, Inc.)
O4 - HKU\S-1-5-21-2609790904-3432056047-3330629845-1000..\Run: [DAEMON Tools Lite] C:\Program Files\DAEMON Tools Lite\daemon.exe (DT Soft Ltd)
O4 - HKU\S-1-5-21-2609790904-3432056047-3330629845-1000..\Run: [Orb] C:\Program Files\Winamp Remote\bin\OrbTray.exe (Orb Networks)
O4 - HKU\S-1-5-21-2609790904-3432056047-3330629845-1000..\Run: [Skype] C:\Program Files\Skype\Phone\Skype.exe (Skype Technologies S.A.)
O4 - HKU\S-1-5-21-2609790904-3432056047-3330629845-1000..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - HKU\S-1-5-21-2609790904-3432056047-3330629845-1000..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-2609790904-3432056047-3330629845-1000..\RunOnce: [Shockwave Updater] C:\Windows\System32\Adobe\SHOCKW~1\SWHELP~1.EXE -Update -1103471 -Mozilla\5.0 ( File not found
O4 - HKLM..\RunOnceEx: [Flags] Reg Error: Invalid data type. File not found
O4 - HKLM..\RunOnceEx: [Title] File not found
O4 - Startup: C:\Users\The Lefortes\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2609790904-3432056047-3330629845-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2609790904-3432056047-3330629845-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-2609790904-3432056047-3330629845-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-21-2609790904-3432056047-3330629845-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKU\S-1-5-21-2609790904-3432056047-3330629845-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O7 - HKU\S-1-5-21-2609790904-3432056047-3330629845-1000_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &AIM Toolbar Search - C:\ProgramData\AIM Toolbar\ieToolbar\resources\en-US\local\search.html ()
O8 - Extra context menu item: &Winamp Search - C:\ProgramData\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html ()
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: AIM Toolbar - {0b83c99c-1efa-4259-858f-bcb33e007a5b} - C:\Program Files\AIM Toolbar\aimtb.dll (AOL LLC.)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe (PokerStars)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKLM\..Trusted Domains: 57 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\.DEFAULT\..Trusted Domains: 57 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\S-1-5-18\..Trusted Domains: 57 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\S-1-5-21-2609790904-3432056047-3330629845-1000\..Trusted Domains: 57 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/C/0...heckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} http://gfx1.hotmail.com/mail/w4/pr01/photo...NPUplden-ca.cab (Windows Live Hotmail Photo Upload Tool)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 64.59.176.13 64.59.176.15 64.59.177.226
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 15:43:36 | 00,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (MACHINE BootExecut) - File not found
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/01/09 16:06:40 | 00,543,232 | ---- | C] (OldTimer Tools) -- C:\Users\The Lefortes\Desktop\OTL.exe
[2010/01/08 12:54:44 | 00,472,064 | ---- | C] ( ) -- C:\Users\The Lefortes\Desktop\RootRepeal.exe
[2010/01/08 10:33:29 | 00,000,000 | ---D | C] -- C:\Users\The Lefortes\Documents\RegRun2
[2010/01/08 10:33:24 | 00,000,000 | ---D | C] -- C:\Program Files\UnHackMe
[2010/01/05 17:15:06 | 00,000,000 | ---D | C] -- C:\SDFix
[2010/01/04 09:23:33 | 00,000,000 | ---D | C] -- C:\Windows\System32\1033
[2010/01/03 23:28:59 | 00,000,000 | ---D | C] -- C:\Users\The Lefortes\AppData\Roaming\Malwarebytes
[2010/01/03 23:28:56 | 00,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010/01/03 23:28:54 | 00,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010/01/03 23:28:54 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/01/03 23:28:54 | 00,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010/01/03 21:36:20 | 00,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2010/01/03 21:36:12 | 00,000,000 | ---D | C] -- C:\Windows\temp
[2010/01/03 21:36:12 | 00,000,000 | ---D | C] -- C:\Users\The Lefortes\AppData\Local\temp
[2010/01/03 21:15:06 | 00,212,480 | ---- | C] (SteelWerX) -- C:\Windows\SWXCACLS.exe
[2010/01/03 21:15:06 | 00,161,792 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2010/01/03 21:15:06 | 00,136,704 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2010/01/03 21:15:06 | 00,031,232 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2010/01/03 21:15:01 | 00,000,000 | ---D | C] -- C:\Windows\ERDNT
[2010/01/03 21:13:06 | 00,000,000 | ---D | C] -- C:\ComboFix
[2009/12/30 10:22:18 | 00,000,000 | ---D | C] -- C:\hjt
[2009/12/30 09:34:00 | 00,000,000 | ---D | C] -- C:\Qoobox
[2009/12/30 09:24:28 | 00,000,000 | ---D | C] -- C:\Windows\SQL9_KB970892_ENU
[2009/12/20 01:35:24 | 00,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll
[2009/12/20 00:34:25 | 00,024,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\nshhttp.dll
[2009/12/20 00:34:24 | 00,031,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\httpapi.dll
[2009/12/20 00:21:23 | 00,000,000 | ---D | C] -- C:\Program Files\MSBuild
[2009/12/19 14:06:18 | 00,000,000 | ---D | C] -- C:\Users\The Lefortes\Documents\a-squared Free
[2009/12/19 14:06:18 | 00,000,000 | ---D | C] -- C:\Program Files\a-squared Free
[2009/12/19 13:31:57 | 00,000,000 | ---D | C] -- C:\ProgramData\SecTaskMan
[2009/12/19 13:31:52 | 00,000,000 | ---D | C] -- C:\Program Files\Security Task Manager
[2009/12/19 07:24:53 | 00,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msxml6r.dll
[2009/12/19 07:24:53 | 00,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msxml3r.dll
[2009/12/19 07:24:48 | 02,452,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dat
[2009/12/19 07:24:42 | 00,389,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2009/12/19 07:24:40 | 00,671,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll
[2009/12/19 07:24:39 | 00,385,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2009/12/19 07:24:39 | 00,380,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll
[2009/12/19 07:24:38 | 00,347,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxtmsft.dll
[2009/12/19 07:24:37 | 00,459,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2009/12/19 07:24:36 | 00,230,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieaksie.dll
[2009/12/19 07:24:35 | 01,830,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2009/12/19 07:24:35 | 00,214,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxtrans.dll
[2009/12/19 07:24:35 | 00,078,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieencode.dll
[2009/12/19 07:24:35 | 00,072,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\admparse.dll
[2009/12/19 07:24:35 | 00,027,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2009/12/19 07:24:34 | 00,180,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2009/12/19 07:24:34 | 00,124,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\advpack.dll
[2009/12/19 07:24:34 | 00,056,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2009/12/19 07:24:34 | 00,044,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2009/12/19 07:24:33 | 01,383,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2009/12/19 07:24:33 | 00,161,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieakui.dll
[2009/12/19 07:24:33 | 00,070,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2009/12/19 07:24:33 | 00,048,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtmler.dll
[2009/12/19 07:24:33 | 00,044,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\pngfilt.dll
[2009/12/19 07:24:33 | 00,026,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2009/12/19 07:24:26 | 00,713,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\timedate.cpl
[2009/12/19 07:24:18 | 00,274,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\raschap.dll
[2009/12/19 07:24:18 | 00,232,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rastls.dll
[2009/12/19 07:22:37 | 00,297,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wlansec.dll
[2009/12/19 07:22:36 | 00,290,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wlanmsm.dll
[2009/12/19 07:22:36 | 00,067,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wlanhlp.dll
[2009/12/19 07:22:36 | 00,047,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wlanapi.dll
[2009/12/19 07:22:35 | 00,123,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\L2SecHC.dll
[2009/12/19 07:19:08 | 00,195,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MpSigStub.exe
[2009/12/19 07:18:33 | 00,116,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\aaclient.dll
[2009/12/19 07:18:33 | 00,036,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tsgqec.dll
[2009/12/19 07:18:06 | 00,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\amxread.dll
[2009/12/19 07:18:06 | 00,014,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\apilogen.dll
[2009/12/19 07:18:05 | 00,712,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WindowsCodecs.dll
[2009/12/19 07:18:05 | 00,425,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PhotoMetadataHandler.dll
[2009/12/19 07:18:04 | 00,347,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WindowsCodecsExt.dll
[2009/12/19 07:16:55 | 00,654,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\printfilterpipelinesvc.exe
[2009/12/19 07:16:55 | 00,158,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sdohlp.dll
[2009/12/19 07:16:55 | 00,097,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iasrecst.dll
[2009/12/19 07:16:55 | 00,053,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iasads.dll
[2009/12/19 07:16:55 | 00,037,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iasdatastore.dll
[2009/12/19 07:16:55 | 00,024,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\printfilterpipelineprxy.dll
[2009/12/19 07:16:26 | 01,984,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\authui.dll
[2009/12/19 07:16:25 | 08,138,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ssBranded.scr
[2009/12/19 07:16:25 | 00,220,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntprint.dll
[2009/12/19 07:16:24 | 00,120,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dhcpcsvc6.dll
[2009/12/19 07:16:24 | 00,061,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntprint.exe
[2009/12/19 07:16:24 | 00,010,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dhcpcmonitor.dll
[2009/12/19 07:16:16 | 00,428,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\EncDec.dll
[2009/12/19 07:16:16 | 00,217,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\psisrndr.ax
[2009/12/19 07:16:13 | 00,292,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\psisdecd.dll
[2009/12/19 07:16:12 | 01,244,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mcmde.dll
[2009/12/19 07:16:10 | 00,177,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mpg2splt.ax
[2009/12/19 07:16:10 | 00,080,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MSNP.ax
[2009/12/19 07:16:10 | 00,068,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Mpeg2Data.ax
[2009/12/19 07:16:10 | 00,057,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MSDvbNP.ax
[2009/12/19 07:16:04 | 01,686,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\gameux.dll
[2009/12/19 07:16:03 | 00,028,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Apphlpdm.dll
[2009/12/19 07:16:02 | 04,247,552 | ---- | C] (Microsoft) -- C:\Windows\System32\GameUXLegacyGDFs.dll
[2009/12/19 07:15:51 | 00,213,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\netio.sys
[2009/12/19 07:15:51 | 00,103,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netiohlp.dll
[2009/12/19 07:15:50 | 00,167,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tcpipcfg.dll
[2009/12/19 07:15:50 | 00,027,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NETSTAT.EXE
[2009/12/19 07:15:50 | 00,022,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netiougc.exe
[2009/12/19 07:15:50 | 00,019,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ARP.EXE
[2009/12/19 07:15:50 | 00,017,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ROUTE.EXE
[2009/12/19 07:15:50 | 00,015,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netevent.dll
[2009/12/19 07:15:50 | 00,011,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MRINFO.EXE
[2009/12/19 07:15:50 | 00,010,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\finger.exe
[2009/12/19 07:15:50 | 00,009,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\TCPSVCS.EXE
[2009/12/19 07:15:50 | 00,008,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\HOSTNAME.EXE
[2009/12/19 07:15:05 | 00,704,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PhotoScreensaver.scr
[2009/12/19 07:15:04 | 00,024,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wtsapi32.dll
[2009/12/19 07:15:00 | 00,566,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SLCommDlg.dll
[2009/12/19 07:15:00 | 00,351,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SLUI.exe
[2009/12/19 07:15:00 | 00,268,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mcbuilder.exe
[2009/12/19 07:15:00 | 00,223,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SLC.dll
[2009/12/19 07:15:00 | 00,186,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SLLUA.exe
[2009/12/19 07:15:00 | 00,039,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\slcinst.dll
[2009/12/19 07:15:00 | 00,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\slwmi.dll
[2009/12/19 07:14:31 | 00,289,792 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\atmfd.dll
[2009/12/19 07:14:31 | 00,156,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\t2embed.dll
[2009/12/19 07:14:31 | 00,072,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\fontsub.dll
[2009/12/19 07:14:31 | 00,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\System32\atmlib.dll
[2009/12/19 07:14:31 | 00,010,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dciman32.dll
[2009/12/19 07:14:22 | 00,356,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MediaMetadataHandler.dll
[2009/12/19 07:14:17 | 02,433,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMVCORE.DLL
[2009/12/19 07:14:16 | 02,855,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mf.dll
[2009/12/19 07:14:15 | 00,098,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfps.dll
[2009/12/19 07:14:15 | 00,052,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rrinstaller.exe
[2009/12/19 07:14:15 | 00,024,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfpmp.exe
[2009/12/19 07:14:15 | 00,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mferror.dll
[2009/12/19 07:14:08 | 01,233,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\lsasrv.dll
[2009/12/19 07:14:03 | 00,109,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\ataport.sys
[2009/12/19 07:14:03 | 00,045,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\pciidex.sys
[2009/12/19 07:13:54 | 00,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msdxm.tlb
[2009/12/19 07:13:54 | 00,018,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\amcompat.tlb
[2009/12/19 07:13:52 | 00,564,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msftedit.dll
[2009/12/19 07:13:52 | 00,467,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\riched20.dll
[2009/12/19 07:13:52 | 00,384,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netcfgx.dll
[2009/12/19 07:13:51 | 00,077,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rascfg.dll
[2009/12/19 07:13:51 | 00,052,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rasdiag.dll
[2009/12/19 07:13:51 | 00,049,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ndptsp.tsp
[2009/12/19 07:13:51 | 00,038,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\kmddsp.tsp
[2009/12/19 07:13:51 | 00,036,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cdd.dll
[2009/12/19 07:13:51 | 00,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\traffic.dll
[2009/12/19 07:13:51 | 00,032,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rasmxs.dll
[2009/12/19 07:13:51 | 00,022,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rasser.dll
[2009/12/19 07:13:51 | 00,015,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\pacerprf.dll
[2009/12/19 07:13:51 | 00,013,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wshqos.dll
[2009/12/19 07:13:51 | 00,013,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\icsunattend.exe
[2009/12/19 07:13:51 | 00,008,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\riched32.dll
[2009/12/19 07:13:45 | 03,467,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2009/12/19 07:13:44 | 03,502,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2009/12/19 07:13:42 | 00,500,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msdtcprx.dll
[2009/12/19 07:13:42 | 00,030,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xolehlp.dll
[2009/12/19 07:13:41 | 00,224,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\usbport.sys
[2009/12/19 07:13:41 | 00,008,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\hcrstco.dll
[2009/12/19 07:13:41 | 00,005,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\usbd.sys
[2009/12/19 07:13:39 | 00,696,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\localspl.dll
[2009/12/19 07:13:35 | 02,031,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2009/12/19 07:13:23 | 00,241,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PortableDeviceApi.dll
[2009/12/19 07:13:23 | 00,160,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PortableDeviceTypes.dll
[2009/12/19 07:13:23 | 00,095,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PortableDeviceClassExtension.dll
[2009/12/19 07:13:18 | 00,088,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\avifil32.dll
[2009/12/19 07:13:18 | 00,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\avicap32.dll
[2009/12/19 07:13:17 | 00,123,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msvfw32.dll
[2009/12/19 07:13:17 | 00,082,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mciavi32.dll
[2009/12/19 07:13:13 | 00,512,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript.dll
[2009/12/19 07:12:56 | 00,321,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WSDApi.dll
[2009/12/19 06:50:29 | 00,604,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMSPDMOD.DLL
[2009/12/19 06:49:22 | 00,311,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\unregmp2.exe
[2009/12/19 06:49:20 | 08,147,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmploc.DLL
[2009/12/19 06:49:20 | 00,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\spwmp.dll
[2009/12/19 06:49:20 | 00,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msdxm.ocx
[2009/12/19 06:49:20 | 00,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxmasf.dll
[2009/12/18 10:14:14 | 00,000,000 | ---D | C] -- C:\ProgramData\ParetoLogic
[2009/12/18 10:14:14 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\ParetoLogic
[2009/12/18 10:14:12 | 00,000,000 | ---D | C] -- C:\ProgramData\XoftSpySE
[2009/12/18 10:14:12 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\XoftSpySE
[2009/12/18 10:14:06 | 00,000,000 | ---D | C] -- C:\Program Files\XoftSpySE6
[2009/12/18 10:13:46 | 04,129,448 | ---- | C] (ParetoLogic Inc.) -- C:\Users\The Lefortes\Desktop\XoftSpySE_Setup_RW.exe
[2009/12/17 22:01:24 | 00,000,000 | ---D | C] -- C:\Users\The Lefortes\Desktop\New Folder
[2009/12/14 16:26:37 | 00,000,000 | ---D | C] -- C:\Users\The Lefortes\Desktop\Downloads
[2009/12/14 16:26:36 | 00,000,000 | ---D | C] -- C:\Users\The Lefortes\AppData\Roaming\GetRightToGo
[2009/12/14 02:39:54 | 00,000,000 | ---D | C] -- C:\Users\The Lefortes\Desktop\MFD2
[2009/12/14 02:21:14 | 00,000,000 | ---D | C] -- C:\Users\The Lefortes\AppData\Roaming\Skype
[2009/12/14 02:20:49 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype
[2009/12/14 02:20:46 | 00,000,000 | R--D | C] -- C:\Program Files\Skype
[2009/12/14 02:20:27 | 00,000,000 | ---D | C] -- C:\ProgramData\Skype
[2009/12/13 21:04:15 | 00,000,000 | ---D | C] -- C:\Program Files\BitLord
[2009/03/23 09:25:22 | 01,654,869 | ---- | C] (Dynu Systems Inc.) -- C:\ProgramData\DynuEncrypt.dll
[2007/09/13 21:38:28 | 00,053,248 | ---- | C] ( ) -- C:\Windows\System32\Interop.Shell32.dll

========== Files - Modified Within 30 Days ==========

[2010/01/09 16:16:54 | 08,126,464 | -HS- | M] () -- C:\Users\The Lefortes\NTUSER.DAT
[2010/01/09 16:06:39 | 00,543,232 | ---- | M] (OldTimer Tools) -- C:\Users\The Lefortes\Desktop\OTL.exe
[2010/01/09 15:37:24 | 00,000,680 | ---- | M] () -- C:\Users\The Lefortes\AppData\Local\d3d9caps.dat
[2010/01/08 15:08:22 | 00,016,384 | ---- | M] () -- C:\Windows\System32\Ikeext.etl
[2010/01/08 15:08:12 | 00,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/01/08 15:07:54 | 14,450,1921 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2010/01/08 12:55:31 | 00,000,000 | ---- | M] () -- C:\Users\The Lefortes\Desktop\settings.dat
[2010/01/08 12:54:43 | 00,472,064 | ---- | M] ( ) -- C:\Users\The Lefortes\Desktop\RootRepeal.exe
[2010/01/08 11:48:08 | 00,000,868 | ---- | M] () -- C:\Windows\tasks\Google Software Updater.job
[2010/01/08 11:46:13 | 00,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010/01/08 11:45:44 | 00,003,200 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010/01/08 11:45:44 | 00,003,200 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010/01/08 11:45:40 | 00,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010/01/08 11:19:00 | 00,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010/01/08 11:14:27 | 00,757,348 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2010/01/08 11:14:27 | 00,647,040 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010/01/08 11:14:27 | 00,123,264 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010/01/08 10:34:00 | 00,002,577 | ---- | M] () -- C:\Windows\System32\config.nt
[2010/01/08 10:34:00 | 00,001,688 | ---- | M] () -- C:\Windows\System32\autoexec.nt
[2010/01/08 10:34:00 | 00,000,002 | RHS- | M] () -- C:\Windows\winstart.bat
[2010/01/08 10:33:28 | 00,000,406 | ---- | M] () -- C:\Windows\tasks\UnHackMe Task Scheduler.job
[2010/01/07 12:11:11 | 00,000,131 | ---- | M] () -- C:\Windows\wininit.ini
[2010/01/07 10:58:56 | 00,371,844 | R--- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2010/01/05 22:28:14 | 00,053,946 | ---- | M] () -- C:\Users\The Lefortes\Desktop\n853745561_3938268_8752.jpg
[2010/01/05 20:33:25 | 00,371,664 | ---- | M] () -- C:\Users\The Lefortes\Desktop\MFD2.rar
[2010/01/04 20:43:07 | 00,055,608 | ---- | M] () -- C:\Users\The Lefortes\Desktop\n853745561_1512781_911.jpg
[2010/01/04 09:48:53 | 02,235,936 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2010/01/03 21:31:29 | 00,000,215 | ---- | M] () -- C:\Windows\system.ini
[2009/12/30 19:08:01 | 00,071,861 | ---- | M] () -- C:\Users\The Lefortes\Desktop\Untitled.jpg
[2009/12/30 14:55:24 | 00,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2009/12/30 14:54:58 | 00,019,160 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2009/12/30 10:24:23 | 00,000,509 | ---- | M] () -- C:\Users\The Lefortes\Desktop\HijackThis - Shortcut.lnk
[2009/12/30 09:54:32 | 08,442,828 | ---- | M] () -- C:\Users\The Lefortes\Desktop\Magic Find Project - vector copy.rar
[2009/12/30 09:33:36 | 03,877,972 | R--- | M] () -- C:\Users\The Lefortes\Desktop\ComboFix.exe
[2009/12/20 00:18:37 | 47,284,224 | ---- | M] () -- C:\Windows\ocsetup_install_NetFx3.etl
[2009/12/20 00:18:36 | 00,049,152 | ---- | M] () -- C:\Windows\ocsetup_cbs_install_NetFx3.perf
[2009/12/20 00:18:36 | 00,016,384 | ---- | M] () -- C:\Windows\ocsetup_cbs_install_NetFx3.dpx
[2009/12/19 05:12:10 | 00,000,258 | RHS- | M] () -- C:\ProgramData\ntuser.pol
[2009/12/18 10:14:14 | 00,000,855 | ---- | M] () -- C:\Users\Public\Desktop\XoftSpySE.lnk
[2009/12/18 10:14:14 | 00,000,432 | ---- | M] () -- C:\Windows\tasks\ParetoLogic Update Version3.job
[2009/12/18 10:13:50 | 04,129,448 | ---- | M] (ParetoLogic Inc.) -- C:\Users\The Lefortes\Desktop\XoftSpySE_Setup_RW.exe
[2009/12/17 13:50:04 | 00,001,150 | ---- | M] () -- C:\Users\The Lefortes\Desktop\DrHymansDiabesityWebinar8PMPST.ics
[2009/12/16 21:55:56 | 00,002,560 | ---- | M] () -- C:\Windows\_MSRSTRT.EXE
[2009/12/14 10:39:04 | 00,002,377 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
[2009/12/11 20:00:41 | 00,000,502 | ---- | M] () -- C:\Windows\tasks\Norton Internet Security - Run Full System Scan - The Lefortes.job

========== Files Created - No Company Name ==========

[2010/01/08 13:12:21 | 00,001,925 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
[2010/01/08 13:12:21 | 00,001,493 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Empowering Technology Launcher.lnk
[2010/01/08 13:12:21 | 00,000,798 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Digsby.lnk
[2010/01/08 12:55:31 | 00,000,000 | ---- | C] () -- C:\Users\The Lefortes\Desktop\settings.dat
[2010/01/08 10:34:00 | 00,000,002 | RHS- | C] () -- C:\Windows\winstart.bat
[2010/01/08 10:33:28 | 00,000,406 | ---- | C] () -- C:\Windows\tasks\UnHackMe Task Scheduler.job
[2010/01/07 12:11:11 | 00,000,131 | ---- | C] () -- C:\Windows\wininit.ini
[2010/01/05 22:29:32 | 00,055,608 | ---- | C] () -- C:\Users\The Lefortes\Desktop\n853745561_1512781_911.jpg
[2010/01/05 22:28:21 | 00,053,946 | ---- | C] () -- C:\Users\The Lefortes\Desktop\n853745561_3938268_8752.jpg
[2010/01/05 20:33:24 | 00,371,664 | ---- | C] () -- C:\Users\The Lefortes\Desktop\MFD2.rar
[2010/01/04 08:32:46 | 00,000,868 | ---- | C] () -- C:\Windows\tasks\Google Software Updater.job
[2010/01/03 21:15:06 | 00,261,632 | ---- | C] () -- C:\Windows\PEV.exe
[2010/01/03 21:15:06 | 00,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2010/01/03 21:15:06 | 00,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2010/01/03 21:15:06 | 00,077,312 | ---- | C] () -- C:\Windows\MBR.exe
[2010/01/03 21:15:06 | 00,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2009/12/30 19:08:01 | 00,071,861 | ---- | C] () -- C:\Users\The Lefortes\Desktop\Untitled.jpg
[2009/12/30 10:24:23 | 00,000,509 | ---- | C] () -- C:\Users\The Lefortes\Desktop\HijackThis - Shortcut.lnk
[2009/12/30 09:54:16 | 08,442,828 | ---- | C] () -- C:\Users\The Lefortes\Desktop\Magic Find Project - vector copy.rar
[2009/12/30 09:33:33 | 03,877,972 | R--- | C] () -- C:\Users\The Lefortes\Desktop\ComboFix.exe
[2009/12/20 00:16:10 | 47,284,224 | ---- | C] () -- C:\Windows\ocsetup_install_NetFx3.etl
[2009/12/20 00:16:10 | 00,049,152 | ---- | C] () -- C:\Windows\ocsetup_cbs_install_NetFx3.perf
[2009/12/20 00:16:10 | 00,016,384 | ---- | C] () -- C:\Windows\ocsetup_cbs_install_NetFx3.dpx
[2009/12/19 07:22:35 | 01,657,350 | ---- | C] () -- C:\Windows\System32\wlan.tmf
[2009/12/19 07:13:50 | 00,001,820 | ---- | C] () -- C:\Windows\System32\rasctrnm.h
[2009/12/19 05:12:10 | 00,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2009/12/18 10:14:14 | 00,000,855 | ---- | C] () -- C:\Users\Public\Desktop\XoftSpySE.lnk
[2009/12/18 10:14:14 | 00,000,432 | ---- | C] () -- C:\Windows\tasks\ParetoLogic Update Version3.job
[2009/12/17 13:50:19 | 00,001,150 | ---- | C] () -- C:\Users\The Lefortes\Desktop\DrHymansDiabesityWebinar8PMPST.ics
[2009/12/16 21:55:54 | 00,002,560 | ---- | C] () -- C:\Windows\_MSRSTRT.EXE
[2009/12/14 02:20:49 | 00,002,377 | ---- | C] () -- C:\Users\Public\Desktop\Skype.lnk
[2009/07/02 20:03:42 | 00,000,680 | ---- | C] () -- C:\Users\The Lefortes\AppData\Local\d3d9caps.dat
[2009/04/24 09:51:14 | 00,072,192 | ---- | C] () -- C:\Windows\System32\zlib.dll
[2009/03/11 05:31:20 | 00,000,172 | ---- | C] () -- C:\Windows\ODBC.INI
[2009/03/11 04:49:26 | 00,717,296 | ---- | C] () -- C:\Windows\System32\drivers\sptd.sys
[2009/02/22 18:56:15 | 00,000,262 | ---- | C] () -- C:\Windows\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini
[2009/02/13 09:37:14 | 00,847,360 | ---- | C] () -- C:\Windows\System32\JS32.dll
[2009/01/11 16:51:28 | 00,000,021 | ---- | C] () -- C:\Windows\atid.ini
[2008/12/25 04:06:56 | 00,000,000 | ---- | C] () -- C:\Users\The Lefortes\AppData\Roaming\wklnhst.dat
[2008/12/20 10:52:31 | 01,970,176 | ---- | C] () -- C:\Windows\System32\d3dx9.dll
[2008/12/02 19:42:27 | 00,000,031 | ---- | C] () -- C:\Windows\GunzLauncher.INI
[2008/11/17 14:20:13 | 00,059,904 | ---- | C] () -- C:\Users\The Lefortes\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/11/16 13:40:27 | 00,021,840 | ---- | C] () -- C:\Windows\System32\SIntfNT.dll
[2008/11/16 13:40:27 | 00,017,212 | ---- | C] () -- C:\Windows\System32\SIntf32.dll
[2008/11/16 13:40:27 | 00,012,067 | ---- | C] () -- C:\Windows\System32\SIntf16.dll
[2008/11/10 19:16:37 | 00,000,044 | ---- | C] () -- C:\Windows\Acer(Normal).ini
[2008/11/10 19:16:37 | 00,000,042 | ---- | C] () -- C:\Windows\Acer(Wide).ini
[2008/09/19 15:57:34 | 03,596,288 | ---- | C] () -- C:\Windows\System32\qt-dx331.dll
[2008/09/19 15:55:10 | 00,000,416 | ---- | C] () -- C:\Windows\System32\dtu100.dll.manifest
[2008/09/19 15:55:10 | 00,000,416 | ---- | C] () -- C:\Windows\System32\dpl100.dll.manifest
[2008/09/19 15:54:18 | 00,012,288 | ---- | C] () -- C:\Windows\System32\DivXWMPExtType.dll
[2007/09/13 22:40:30 | 00,001,024 | RH-- | C] () -- C:\Windows\System32\NTIBUN4.dll
[2007/09/13 21:38:26 | 00,331,776 | ---- | C] () -- C:\Windows\System32\ScrollBarLib.dll
[2007/09/13 20:53:55 | 00,000,697 | ---- | C] () -- C:\Windows\generic.ini
[2007/09/13 20:53:55 | 00,000,110 | ---- | C] () -- C:\Windows\Alaunch.ini
[2007/04/25 17:33:22 | 00,266,240 | ---- | C] () -- C:\Windows\System32\NotesExtmngr.dll
[2007/04/25 17:32:50 | 00,204,800 | ---- | C] () -- C:\Windows\System32\NotesActnMenu.dll
[2007/04/25 17:32:46 | 00,086,016 | ---- | C] () -- C:\Windows\System32\MSNSpook.dll
[2007/04/25 17:31:00 | 00,028,672 | ---- | C] () -- C:\Windows\System32\BatchCrypto.dll
[2007/04/25 17:30:52 | 00,073,728 | ---- | C] () -- C:\Windows\System32\APISlice.dll
[2007/04/25 17:30:44 | 00,063,488 | ---- | C] () -- C:\Windows\System32\ShowErrMsg.dll
[2006/12/25 16:44:48 | 00,022,016 | ---- | C] () -- C:\Windows\System32\MailFormat_U.dll
[2006/11/02 06:35:32 | 00,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 01:40:29 | 00,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2005/08/02 15:24:01 | 00,053,299 | ---- | C] () -- C:\Windows\System32\pthreadVC.dll
[2001/12/26 16:12:30 | 00,065,536 | ---- | C] () -- C:\Windows\System32\multiplex_vcd.dll
[2001/09/03 23:46:38 | 00,110,592 | ---- | C] () -- C:\Windows\System32\Hmpg12.dll
[2001/07/30 16:33:56 | 00,118,784 | ---- | C] () -- C:\Windows\System32\HMPV2_ENC.dll
[2001/07/23 22:04:36 | 00,118,784 | ---- | C] () -- C:\Windows\System32\HMPV2_ENC_MMX.dll

========== Alternate Data Streams ==========

@Alternate Data Stream - 489 bytes -> C:\ProgramData\TEMP:05EE1EEF
@Alternate Data Stream - 110 bytes -> C:\ProgramData\TEMP:DFC5A2B2
< End of report >

OTL Extras logfile created on: 09/01/2010 4:17:01 PM - Run 1
OTL by OldTimer - Version 3.1.22.0 Folder = C:\Users\The Lefortes\Desktop
Windows Vista Home Premium Edition (Version = 6.0.6000) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6000.16945)
Locale: 00001009 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy

895.00 Mb Total Physical Memory | 425.00 Mb Available Physical Memory | 47.00% Memory free
9.00 Gb Paging File | 8.00 Gb Available in Paging File | 95.00% Paging File free
Paging file location(s): [Binary data over 100 bytes]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 144.29 Gb Total Space | 8.97 Gb Free Space | 6.22% Space Free | Partition Type: NTFS
Drive D: | 144.04 Gb Total Space | 138.57 Gb Free Space | 96.21% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: THELEFORTES-PC
Current User Name: The Lefortes
Logged in as Administrator.

Current Boot Mode: SafeMode with Networking
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~2\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{258B3459-ADB9-4F51-B2A0-C0094A73BEC8}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{2C05C40F-988E-4DF7-9700-FC2A33CDF76D}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{3CAAD5DD-476E-40C5-897C-F0D8890DA1FA}" = lport=139 | protocol=6 | dir=in | app=system |
"{4B414270-119F-43D2-B006-1E12E82A95A3}" = rport=138 | protocol=17 | dir=out | app=system |
"{517E3E45-42AB-4319-8240-FBF2A69B8429}" = rport=139 | protocol=6 | dir=out | app=system |
"{94D8ED21-496F-4638-99C8-1D4185002137}" = lport=2869 | protocol=6 | dir=in | app=system |
"{A5341E6B-37D9-4088-934A-9254E460D248}" = lport=445 | protocol=6 | dir=in | app=system |
"{B5AC6E88-DC86-4BE5-87BF-649D52F54BC6}" = lport=138 | protocol=17 | dir=in | app=system |
"{B7C886CD-6187-452E-8E96-626EFFE4BA94}" = lport=137 | protocol=17 | dir=in | app=system |
"{C5ECD95B-B8A8-427B-BFF1-287CFD676535}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{E58A0A71-FE9E-459D-9158-8130670A6FB6}" = rport=137 | protocol=17 | dir=out | app=system |
"{EC18E7CB-FF93-4DA2-98FD-4E2B8B5A00D8}" = rport=445 | protocol=6 | dir=out | app=system |
"{F1A41DFE-5433-4DC6-84C3-C8F6AD0B8A65}" = lport=5353 | protocol=6 | dir=in | name=adobe csi cs4 |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{03A92597-B04E-4C88-9FC2-8B48A4C45CD3}" = protocol=17 | dir=in | app=c:\program files\winamp remote\bin\orbir.exe |
"{054A8860-9E5C-43F4-B071-1FB8BF95F55E}" = protocol=17 | dir=in | app=c:\program files\bittorrent\bittorrent.exe |
"{056D9E0F-3396-443D-BEE0-90DF96B0CD82}" = protocol=17 | dir=in | app=c:\program files\common files\adobe\cs4servicemanager\cs4servicemanager.exe |
"{122B0FCD-EB51-4F9B-B1B9-0439B36A3673}" = protocol=17 | dir=in | app=c:\program files\limewire\limewire.exe |
"{12B57165-7D8C-4C1F-A232-4E99382295DE}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{155BBB51-8024-4EB4-9CEA-FB78D5C13DC5}" = protocol=17 | dir=in | app=c:\users\public\games\world of warcraft trial\launcher.exe |
"{18356DD4-002B-40B1-BD0C-FA920E29CDFF}" = protocol=17 | dir=in | app=c:\program files\aim6\aim6.exe |
"{1B1C2912-30D1-4EA7-A863-0DF7CD6F1EEB}" = protocol=17 | dir=in | app=c:\program files\limewire\limewire.exe |
"{2071475F-0F9F-4E34-98A9-B70C4FBFF471}" = protocol=17 | dir=in | app=c:\program files\winamp remote\bin\orbtray.exe |
"{2469FCF1-D5D9-4BDA-8CB2-D6ABB562FE03}" = protocol=6 | dir=in | app=c:\program files\limewire\limewire.exe |
"{395C6C26-7317-46D5-B319-9C1F03ABA300}" = protocol=6 | dir=in | app=c:\program files\winamp remote\bin\orbstreamerclient.exe |
"{3BB0BE0D-542D-4C89-9E43-FBD1C90CD374}" = protocol=6 | dir=in | app=c:\program files\winamp remote\bin\orb.exe |
"{3CC1FA6A-B9E6-4B02-B054-007CC1A3A395}" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"{449AF5DF-1D81-439E-B1ED-7BF2F16B603C}" = protocol=17 | dir=in | app=c:\program files\common files\aol\loader\aolload.exe |
"{53AA2C24-8822-463F-84D5-83E512B994E2}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{54B6E0B1-088A-4636-8AD0-01B91956867B}" = protocol=17 | dir=in | app=c:\program files\dna\btdna.exe |
"{59858389-F8A5-4507-AA79-5318672AE15F}" = protocol=6 | dir=in | app=c:\program files\bittorrent\bittorrent.exe |
"{627C191B-351F-4D91-B3D8-2123A1CC4705}" = protocol=6 | dir=in | app=c:\program files\winamp remote\bin\orbir.exe |
"{63739124-4A9F-4FBA-9640-4C17137075F7}" = protocol=6 | dir=in | app=c:\program files\winamp remote\bin\orbtray.exe |
"{70313D0E-2D73-4A56-AFD6-6DE194F07AED}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{7A43660F-6D39-4F55-945A-6F0AD6199E01}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{7B2A2770-1F4B-4022-AF04-7C81E7C89FFB}" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"{7D83011F-FF07-4B9B-9BE9-026D6E576F9F}" = protocol=17 | dir=in | app=c:\program files\ventrilo\ventrilo.exe |
"{8A05C939-F961-4197-9030-0A4B01CEBAB0}" = protocol=6 | dir=in | app=c:\users\public\games\world of warcraft trial\launcher.exe |
"{9054AD15-8634-436E-9B0A-A42F5CAA239E}" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe |
"{946C2D9E-F74E-4EFB-9534-8969146D02ED}" = protocol=17 | dir=in | app=c:\program files\winamp remote\bin\orbstreamerclient.exe |
"{997C319F-01DE-47D7-90C3-8F214B40BF22}" = protocol=6 | dir=in | app=c:\program files\ventrilo\ventrilo.exe |
"{9C481472-D39E-4C45-97F7-F14F85E856B9}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{A60EAE0C-5ABD-4C24-95FC-22BDF3627363}" = protocol=6 | dir=in | app=c:\program files\limewire\limewire.exe |
"{A8187CA6-06D1-4528-BDBF-A61864E45255}" = protocol=6 | dir=in | app=c:\program files\aim6\aim6.exe |
"{AD347B74-0F00-4A26-A0C4-46A17ED83150}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{B2BFE4A0-ECD6-42A1-A283-6950C3D9C815}" = protocol=6 | dir=in | app=c:\program files\dna\btdna.exe |
"{B569DD36-C954-4A0F-B3D9-2BE2D51BFC01}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{B56D3BF4-3F81-4B33-85F3-23EB7C3A8D5B}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{B5B9C828-7124-460F-8EB1-A9191C72C9F9}" = protocol=6 | dir=in | app=c:\program files\common files\aol\loader\aolload.exe |
"{B60A907B-0891-4E3A-B650-25B8E94E3DF8}" = protocol=17 | dir=in | app=c:\program files\winamp remote\bin\orb.exe |
"{C3C0593F-EB72-431D-9221-A69405F1AAA9}" = dir=in | app=c:\program files\acer arcade live\acer homemedia connect\acer homemedia connect.exe |
"{C6209E25-096C-499C-A723-9914876A2ED4}" = protocol=6 | dir=in | app=c:\program files\common files\adobe\cs4servicemanager\cs4servicemanager.exe |
"{CE4A2AB6-7A66-40F1-817D-7A3135E7C180}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{ECBD2A17-D9EA-41E7-BC8D-98AF163ED1B8}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe |
"{F4AC3443-3EDA-41FE-94D7-5FAFB45E09B1}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{00ADFB20-AE75-46F4-AD2C-F48B15AC3100}" = Adobe Color NA Recommended Settings CS4
"{028B6117-FF65-4B72-BC03-2E9DE1FBF66D}" = iArtwork
"{05308C4E-7285-4066-BAE3-6B50DA6ED755}" = Adobe Update Manager CS4
"{054EFA56-2AC1-48F4-A883-0AB89874B972}" = Adobe Extension Manager CS4
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{098727E1-775A-4450-B573-3F441F1CA243}" = kuler
"{0D6013AB-A0C7-41DC-973C-E93129C9A29F}" = Adobe Color JA Extra Settings CS4
"{0D67A4E4-5BE0-4C9A-8AD8-AB552B433F23}" = Adobe Setup
"{0F723FC1-7606-4867-866C-CE80AD292DAF}" = Adobe CSI CS4
"{1389C6A4-4965-4AEC-9175-08B54A10FA48}" = Microsoft SQL Server 2005 Mobile [ENU] Developer Tools
"{14DE3576-5D4C-4501-8492-685C93623DD8}" = SymNet
"{1577A05B-EE62-4BBC-9DB7-FE748FA44EC2}" = NTI CD & DVD-Maker
"{15D967B5-A4BE-42AE-9E84-64CD062B25AA}" = eSobi v2
"{1618734A-3957-4ADD-8199-F973763109A8}" = Adobe Anchor Service CS4
"{16E16F01-2E2D-4248-A42F-76261C147B6C}" = Adobe Drive CS4
"{16E6D2C1-7C90-4309-8EC4-D2212690AAA4}" = AdobeColorCommonSetRGB
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{197A3012-8C85-4FD3-AB66-9EC7E13DB92E}" = Adobe AIR
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83216010FF}" = Java™ 6 Update 11
"{2750B389-A2D2-4953-99CA-27C1F2A8E6FD}" = Microsoft SQL Server 2005 Tools Express Edition
"{2AFFFDD7-ED85-4A90-8C52-5DA9EBDC9B8F}" = Microsoft SQL Server 2005 Express Edition
"{35D94F92-1D3A-43C5-8605-EA268B1A7BD9}" = PDF Settings CS4
"{3672B097-EA69-4bfe-B92F-29AE6D9D2B34}" = Norton Internet Security
"{39F6E2B4-CFE8-C30A-66E8-489651F0F34C}" = Adobe Media Player
"{3A4E8896-C2E7-4084-A4A4-B8FD1894E739}" = Adobe XMP Panels CS4
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3CCAD2EF-CFF2-4637-82AA-AABF370282D3}" = ccCommon
"{3D2C9DE6-9ADE-4252-A241-E43723B0CE02}" = Adobe Color - Photoshop Specific CS4
"{3DA8DF9A-044E-46C4-8531-DEDBB0EE37FF}" = Adobe WinSoft Linguistics Plugin
"{437AB8E0-FB69-4222-B280-A64F3DE22591}" = Microsoft Visual Studio 2005 Professional Edition - ENU
"{44D4AF75-6870-41F5-9181-662EA05507E1}" = Microsoft Document Explorer 2005
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{456EDEB1-F7EE-4444-937F-DA756547C774}" = Symantec Real Time Storage Protection Component
"{4761EB82-E8BD-45A4-B19B-586FA9D1D7E6}" = Camtasia Studio 6
"{48185814-A224-447A-81DA-71BD20580E1B}" = Norton Internet Security
"{4843B611-8FCB-4428-8C23-31D0A5EAE164}" = Norton Confidential Browser Component
"{4943EFF5-229F-435D-BEA9-BE3CAEA783A7}" = Adobe Service Manager Extension
"{4BB05099-1963-4268-A3BB-9153964750ED}" = XoftSpySE
"{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}" = Microsoft SQL Server Setup Support Files (English)
"{541DEAC0-5F3D-45E6-B7CB-94ECF3B96748}" = Skype web features
"{5570C7F0-43D0-4916-8A9E-AEDD52FA86F4}" = Adobe Color EU Extra Settings CS4
"{56B4002F-671C-49F4-984C-C760FE3806B5}" = Microsoft SQL Server VSS Writer
"{5AA2CD16-706F-41f3-87C5-2B5A031F2B3B}" = Norton Internet Security
"{625386A4-B6B6-4911-A6E8-23189C3F2D15}" = Microsoft .NET Compact Framework 2.0
"{63C24A08-70F3-4C8E-B9FB-9F21A903801D}" = Adobe Color Video Profiles CS CS4
"{63E5CDBF-8214-4F03-84F8-CD3CE48639AD}" = Adobe Photoshop CS4 Support
"{6412CECE-8172-4BE5-935B-6CECACD2CA87}" = Windows Live Mail
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{67ADE9AF-5CD9-4089-8825-55DE4B366799}" = NTI Backup NOW! 4.7
"{67F0E67A-8E93-4C2C-B29D-47C48262738A}" = Adobe Device Central CS4
"{68243FF8-83CA-466B-B2B8-9F99DA5479C4}" = AdobeColorCommonSetCMYK
"{68A35043-C55A-4237-88C9-37EE1C63ED71}" = Microsoft Visual J# 2.0 Redistributable Package
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6C531060-84FB-4F96-8F33-29DF020632EB}" = Microsoft .NET Compact Framework 1.0 SP3 Developer
"{6D52C408-B09A-4520-9B18-475B81D393F1}" = Microsoft Works
"{714A8115-89BE-44E9-89A5-768405B0BB97}" = Motorola Phone Tools
"{72E3FF67-450F-4ADD-99A7-4147780F6C7B}_is1" = Shaw Support 3.0
"{767CC44C-9BBC-438D-BAD3-FD4595DD148B}" = VC80CRTRedist - 8.0.50727.762
"{77772678-817F-4401-9301-ED1D01A8DA56}" = SPBBC 32bit
"{789289CA-F73A-4A16-A331-54D498CE069F}" = Ventrilo Client
"{78B75C6D-E53C-424C-BF83-4B63BD4A6682}" = Microsoft Device Emulator version 1.0 - ENU
"{79DD56FC-DB8B-47F5-9C80-78B62E05F9BC}" = Acer ScreenSaver
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials
"{81B3BEF9-5D97-4096-86E9-5B48A5BC32D0}" = Motorola Driver Installation 3.4.0
"{820D3F45-F6EE-4AAF-81EF-CE21FF21D230}" = Adobe Type Support CS4
"{830D8CBD-C668-49e2-A969-C2C2106332E0}" = Norton AntiVirus
"{83877DB1-8B77-45BC-AB43-2BAC22E093E0}" = Adobe Bridge CS4
"{842B4B72-9E8F-4962-B3C1-1C422A5C4434}" = Suite Shared Configuration CS4
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{931AB7EA-3656-4BB7-864D-022B09E3DD67}" = Adobe Linguistics CS4
"{94389919-B0AA-4882-9BE8-9F0B004ECA35}" = Acer Tour
"{94D398EB-D2FD-4FD1-B8C4-592635E8A191}" = Adobe CMaps CS4
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{99ECF41F-5CCA-42BD-B8B8-A8333E2E2944}" = iTunes
"{9A129ABC-A53A-4209-A21E-D5DEDFB7CCA8}" = Norton Protection Center
"{A85FD55B-891B-4314-97A5-EA96C0BD80B5}" = Windows Live Messenger
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AB6097D9-D722-4987-BD9E-A076E2848EE2}" = Acer Empowering Technology
"{AC76BA86-7AD7-1033-7B44-A70000000000}" = Adobe Reader 7.0
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B29AD377-CC12-490A-A480-1452337C618D}" = Connect
"{B3DAF54F-DB25-4586-9EF1-96D24BB14088}" = Windows Movie Maker 2.6
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B5EE4897-0A8A-4BDF-AF28-6F420C155308}" = ToolBox
"{B65BA85C-0A27-4BC0-A22D-A66F0E5B9494}" = Adobe Photoshop CS4
"{B7C61755-DB48-4003-948F-3D34DB8EAF69}" = MSRedist
"{BAD8CA9C-77C0-4663-B00B-A8D3B13C341B}" = Motorola Phone Tools
"{BB4E33EC-8181-4685-96F7-8554293DEC6A}" = Adobe Output Module
"{BD68F46D-8A82-4664-8E68-F87C55BDEFD4}" = Microsoft SQL Server Native Client
"{C337BDAF-CB4E-47E2-BE1A-CB31BB7DD0E3}" = Apple Mobile Device Support
"{C52E3EC1-048C-45E1-8D53-10B0C6509683}" = Adobe Default Language CS4
"{C78EAC6F-7A73-452E-8134-DBB2165C5A68}" = QuickTime
"{CC75AB5C-2110-4A7F-AF52-708680D22FE8}" = Photoshop Camera Raw
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE386A4E-D0DA-4208-8235-BCE43275C694}" = LightScribe 1.4.142.1
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.1
"{D353CC51-430D-4C6F-9B7E-52003DA1E05A}" = Norton Confidential Web Protection Component
"{D462BF9E-0C35-4705-BF9B-3DF9F3816643}" = Acer ePerformance Management
"{DBA4DB9D-EE51-4944-A419-98AB1F1249C8}" = LiveUpdate Notice (Symantec Corporation)
"{DBEA1034-5882-4A88-8033-81C4EF0CFA29}" = Google Toolbar for Internet Explorer
"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
"{E3EFA461-EB83-4C3B-9C47-2C1D58A01555}" = Norton Internet Security
"{E4848436-0345-47E2-B648-8B522FCDA623}" = Adobe Photoshop CS4
"{E5EE9939-259F-4DE2-8023-5C49E16A4F43}" = Norton Internet Security
"{EFB5B3B5-A280-4E25-BE1C-634EEFE32C1B}" = AppCore
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F0E64E2E-3A60-40D8-A55D-92F6831875DA}" = Adobe Search for Help
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F49FEF83-45CA-4CE8-8304-A7372BA07AA9}" = Motorola Phone Tools
"{F4DB525F-A986-4249-B98B-42A8066251CA}" = AV
"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
"{F8EF2B3F-C345-4F20-8FE4-791A20333CD5}" = Adobe ExtendScript Toolkit CS4
"{F93C84A6-0DC6-42AF-89FA-776F7C377353}" = Adobe PDF Library Files CS4
"{FCDD51BB-CAD0-4BB1-B7DF-CE86D1032794}" = Adobe Fonts All
"{FE0646A7-19D0-41B4-A2BB-2C35D644270D}" = Windows Live OneCare safety scanner
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Acer Assist" = Acer Assist
"Acer Registration" = Acer Registration
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11
"Adobe_faf656ef605427ee2f42989c3ad31b8" = Adobe Photoshop CS4
"Age of Empires II Trial" = Microsoft Age of Empires II Trial Version
"Aim Plugin for QQ Games" = Aim Plugin for QQ Games
"AIM Toolbar" = AIM Toolbar
"AIM_6" = AIM 6
"a-squared Free_is1" = a-squared Free 4.5
"Cheat Engine 5.3_is1" = Cheat Engine 5.3
"Club Player Casino" = Club Player Casino
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"DebugMode Wax 2.0" = DebugMode Wax 2.0
"Diablo II" = Diablo II
"Digsby" = Digsby
"Fraps" = Fraps
"Google Chrome" = Google Chrome
"Google Updater" = Google Updater
"HijackThis" = HijackThis 2.0.2
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"HyperCam 2" = HyperCam 2
"InstallShield_{1577A05B-EE62-4BBC-9DB7-FE748FA44EC2}" = NTI CD & DVD-Maker
"InstallShield_{15D967B5-A4BE-42AE-9E84-64CD062B25AA}" = eSobi v2
"LimeWire" = LimeWire 4.18.8
"LiveUpdate" = LiveUpdate 3.2 (Symantec Corporation)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft Document Explorer 2005" = Microsoft Document Explorer 2005
"Microsoft SQL Server 2005" = Microsoft SQL Server 2005
"Microsoft Visual J# 2.0 Redistributable Package" = Microsoft Visual J# 2.0 Redistributable Package
"Microsoft Visual Studio 2005 Professional Edition - ENU" = Microsoft Visual Studio 2005 Professional Edition - ENU
"Mozilla Firefox (3.5.7)" = Mozilla Firefox (3.5.7)
"MP4 to MP3 Converter" = MP4 to MP3 Converter
"Orb" = Winamp Remote
"Paintball2" = Paintball2 Alpha build 27
"PECompact2" = PECompact2
"Peer2Peer-EN Toolbar" = Peer2Peer-EN Toolbar
"PokerStars" = PokerStars
"QQ Games" = QQ Games
"QQ Pool" = QQ Pool
"QQ Texas Hold'em" = QQ Texas Hold'em
"QQ Treasure Hunter" = QQ Treasure Hunter
"Shaw Internet Update_is1" = Shaw Internet Update 3.2.2
"SiS VGA Utilities" = SiS VGA Utilities
"SoftwareUpdUtility" = Download Updater (AOL LLC)
"Soulseek" = SoulSeek Client 156c
"Speakonia_is1" = Speakonia
"ST6UNST #1" = Hero Editor V0.96
"StealthBot v2.6 Revision 3" = StealthBot v2.6 Revision 3 (remove only)
"SymSetup.{5AA2CD16-706F-41f3-87C5-2B5A031F2B3B}" = Norton Internet Security (Symantec Corporation)
"TeamViewer 4" = TeamViewer 4
"tv_enua" = Lernout & Hauspie TruVoice American English TTS Engine
"Unlocker" = Unlocker 1.8.7
"ViewpointMediaPlayer" = Viewpoint Media Player
"Winamp" = Winamp
"Winamp Toolbar" = Winamp Toolbar for Internet Explorer
"Winamp Toolbar for Firefox" = Winamp Toolbar for Firefox
"Windows Live OneCare safety scanner" = Windows Live OneCare safety scanner
"WinGimp-2.0_is1" = GIMP 2.6.4
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinPcapInst" = WinPcap 3.1
"WinRAR archiver" = WinRAR archiver
"XBTB09888.XBTB09888Toolbar" = Great Day Games Toolbar
"Yahoo! Companion" = Yahoo! Toolbar

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-2609790904-3432056047-3330629845-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"BitTorrent DNA" = DNA
"ijji FireFox Launcher" = ijji FireFox Launcher 1.0

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 15/09/2009 3:55:08 PM | Computer Name = TheLefortes-PC | Source = Application Error | ID = 1000
Description = Faulting application Game.exe, version 1.0.12.49, time stamp 0x483cb8e2,
faulting module houdini.dll_unloaded, version 0.0.0.0, time stamp 0x4aaff0f2, exception
code 0xc0000005, fault offset 0x028acf6a, process id 0x113c, application start time
0x01ca363e6b38aa18.

Error - 15/09/2009 3:55:15 PM | Computer Name = TheLefortes-PC | Source = Application Error | ID = 1000
Description = Faulting application Game.exe, version 1.0.12.49, time stamp 0x483cb8e2,
faulting module houdini.dll_unloaded, version 0.0.0.0, time stamp 0x4aaff0f2, exception
code 0xc0000005, fault offset 0x026ecf6a, process id 0x121c, application start time
0x01ca363e6f928e58.

Error - 15/09/2009 9:00:41 PM | Computer Name = TheLefortes-PC | Source = Application Error | ID = 1000
Description = Faulting application Game.exe, version 1.0.12.49, time stamp 0x483cb8e2,
faulting module houdini.dll_unloaded, version 0.0.0.0, time stamp 0x4aaff0f2, exception
code 0xc0000005, fault offset 0x0298cf6a, process id 0x1578, application start time
0x01ca363a5dba5e08.

Error - 16/09/2009 7:36:39 AM | Computer Name = TheLefortes-PC | Source = Application Error | ID = 1000
Description = Faulting application Game.exe, version 1.0.12.49, time stamp 0x483cb8e2,
faulting module houdini.dll_unloaded, version 0.0.0.0, time stamp 0x4ab0cdb1, exception
code 0xc0000005, fault offset 0x01f8cf6a, process id 0x14b0, application start time
0x01ca36c1e9431de8.

Error - 16/09/2009 7:36:59 AM | Computer Name = TheLefortes-PC | Source = Application Error | ID = 1000
Description = Faulting application Game.exe, version 1.0.12.49, time stamp 0x483cb8e2,
faulting module houdini.dll_unloaded, version 0.0.0.0, time stamp 0x4ab0cdb1, exception
code 0xc0000005, fault offset 0x0220cf6a, process id 0x11a4, application start time
0x01ca36c1fe8fe7f8.

Error - 16/09/2009 7:37:06 AM | Computer Name = TheLefortes-PC | Source = Application Error | ID = 1000
Description = Faulting application Game.exe, version 1.0.12.49, time stamp 0x483cb8e2,
faulting module houdini.dll_unloaded, version 0.0.0.0, time stamp 0x4ab0cdb1, exception
code 0xc0000005, fault offset 0x022fcf6a, process id 0x1598, application start time
0x01ca36c202671f18.

Error - 16/09/2009 7:57:49 AM | Computer Name = TheLefortes-PC | Source = Application Error | ID = 1000
Description = Faulting application Game.exe, version 1.0.12.49, time stamp 0x483cb8e2,
faulting module houdini.dll_unloaded, version 0.0.0.0, time stamp 0x4ab0d2b7, exception
code 0xc0000005, fault offset 0x0267ceea, process id 0x1700, application start time
0x01ca36c4e7383328.

Error - 16/09/2009 8:20:24 AM | Computer Name = TheLefortes-PC | Source = Application Error | ID = 1000
Description = Faulting application Game.exe, version 1.0.12.49, time stamp 0x483cb8e2,
faulting module houdini.dll_unloaded, version 0.0.0.0, time stamp 0x4ab0d7f5, exception
code 0xc0000005, fault offset 0x0270d23a, process id 0x1334, application start time
0x01ca36c80db3e2d8.

Error - 16/09/2009 5:22:54 PM | Computer Name = TheLefortes-PC | Source = Application Error | ID = 1000
Description = Faulting application explorer.exe, version 6.0.6000.16771, time stamp
0x4907deda, faulting module SHELL32.dll, version 6.0.6000.16774, time stamp 0x4912e93f,
exception code 0xc0000005, fault offset 0x00092061, process id 0x16a8, application
start time 0x01ca35cd004bedf8.

Error - 17/09/2009 8:44:35 AM | Computer Name = TheLefortes-PC | Source = Application Error | ID = 1000
Description = Faulting application Game.exe, version 1.0.12.49, time stamp 0x483cb8e2,
faulting module houdini.dll_unloaded, version 0.0.0.0, time stamp 0x4ab22f15, exception
code 0xc0000005, fault offset 0x03fbdf6a, process id 0x151c, application start time
0x01ca3794903bcde8.

[ Media Center Events ]
Error - 29/04/2009 10:35:44 PM | Computer Name = TheLefortes-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

[ System Events ]
Error - 15/07/2009 3:08:04 AM | Computer Name = TheLefortes-PC | Source = ACPI | ID = 327686
Description = IRQARB: ACPI BIOS does not contain an IRQ for the device in PCI slot
6, function 0. Please contact your system vendor for technical assistance.

Error - 15/07/2009 3:08:04 AM | Computer Name = TheLefortes-PC | Source = ACPI | ID = 327686
Description = IRQARB: ACPI BIOS does not contain an IRQ for the device in PCI slot
31, function 0. Please contact your system vendor for technical assistance.

Error - 15/07/2009 3:08:48 AM | Computer Name = TheLefortes-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 15/07/2009 3:08:48 AM | Computer Name = TheLefortes-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 15/07/2009 4:19:40 PM | Computer Name = TheLefortes-PC | Source = ACPI | ID = 327686
Description = IRQARB: ACPI BIOS does not contain an IRQ for the device in PCI slot
6, function 0. Please contact your system vendor for technical assistance.

Error - 15/07/2009 4:19:40 PM | Computer Name = TheLefortes-PC | Source = ACPI | ID = 327686
Description = IRQARB: ACPI BIOS does not contain an IRQ for the device in PCI slot
31, function 0. Please contact your system vendor for technical assistance.

Error - 15/07/2009 4:20:30 PM | Computer Name = TheLefortes-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 15/07/2009 4:20:30 PM | Computer Name = TheLefortes-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 18/07/2009 1:11:23 PM | Computer Name = TheLefortes-PC | Source = ACPI | ID = 327686
Description = IRQARB: ACPI BIOS does not contain an IRQ for the device in PCI slot
6, function 0. Please contact your system vendor for technical assistance.

Error - 18/07/2009 1:11:23 PM | Computer Name = TheLefortes-PC | Source = ACPI | ID = 327686
Description = IRQARB: ACPI BIOS does not contain an IRQ for the device in PCI slot
31, function 0. Please contact your system vendor for technical assistance.


< End of report >

Edited by Regicide, 09 January 2010 - 06:14 PM.


#7 Regicide (Topic Starter)

Posted 09 January 2010 - 06:13 PM

ComboFix (other post couldn't fit all 3 logs):

ComboFix 09-12-29.06 - The Lefortes 03/01/2010 21:17:01.1.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.2.1033.18.895.87 [GMT -6:00]
Running from: c:\users\The Lefortes\Desktop\ComboFix.exe
AV: Norton Internet Security *On-access scanning enabled* (Outdated) {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton Internet Security *enabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}
SP: Norton Internet Security *enabled* (Outdated) {CBB7EE13-8244-4DAB-8B55-D5C7AA91E59A}
SP: Spyware Doctor *disabled* (Updated) {1C3EDD79-273E-46ac-99F8-EFA9E7CBC301}
SP: Windows Defender *enabled* (Outdated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\alot
c:\program files\alot\alotUninst.exe
c:\program files\alot\bin\alot.dll
c:\program files\alot\bin\ALOTSettings.exe
c:\program files\Cheat Engine\dbk32.sys
c:\program files\Common Files\Uninstall
c:\program files\Common Files\Uninstall\PAV\Uninstall.lnk
c:\users\The Lefortes\AppData\Local\Microsoft\Windows\Temporary Internet Files\ijjistarter_verinfo.dat
D:\install.exe

.
((((((((((((((((((((((((( Files Created from 2009-12-04 to 2010-01-04 )))))))))))))))))))))))))))))))
.

2010-01-04 03:29 . 2010-01-04 03:31 -------- d-----w- c:\users\The Lefortes\AppData\Local\temp
2010-01-04 03:29 . 2010-01-04 03:29 -------- d-----w- c:\users\Default\AppData\Local\temp
2009-12-30 16:22 . 2009-12-30 20:44 -------- d-----w- C:\hjt
2009-12-30 15:24 . 2009-12-30 15:24 -------- d-----w- c:\windows\SQL9_KB970892_ENU
2009-12-20 07:35 . 2009-10-29 07:59 2048 ----a-w- c:\windows\system32\tzres.dll
2009-12-20 07:26 . 2009-12-20 07:26 -------- d-----w- c:\windows\system32\1033
2009-12-20 06:35 . 2009-12-20 06:35 -------- d-----w- c:\users\Default\AppData\Local\Microsoft Help
2009-12-20 06:34 . 2009-11-09 13:34 24064 ----a-w- c:\windows\system32\nshhttp.dll
2009-12-20 06:34 . 2009-11-09 13:30 31232 ----a-w- c:\windows\system32\httpapi.dll
2009-12-20 06:34 . 2009-11-09 11:17 396800 ----a-w- c:\windows\system32\drivers\http.sys
2009-12-20 06:21 . 2009-12-20 06:21 -------- d-----w- c:\program files\MSBuild
2009-12-19 20:06 . 2009-12-19 23:24 -------- d-----w- c:\program files\a-squared Free
2009-12-19 19:31 . 2009-12-19 19:56 -------- d-----w- c:\programdata\SecTaskMan
2009-12-19 19:31 . 2009-12-19 19:31 -------- d-----w- c:\program files\Security Task Manager
2009-12-19 13:22 . 2009-07-11 19:32 502272 ----a-w- c:\windows\system32\wlansvc.dll
2009-12-19 13:22 . 2009-07-11 19:32 297984 ----a-w- c:\windows\system32\wlansec.dll
2009-12-19 13:22 . 2009-07-11 19:32 290816 ----a-w- c:\windows\system32\wlanmsm.dll
2009-12-19 13:22 . 2009-07-11 19:32 67584 ----a-w- c:\windows\system32\wlanhlp.dll
2009-12-19 13:22 . 2009-07-11 19:32 47104 ----a-w- c:\windows\system32\wlanapi.dll
2009-12-19 13:22 . 2009-07-11 19:26 123904 ----a-w- c:\windows\system32\L2SecHC.dll
2009-12-19 13:19 . 2009-11-03 02:42 195456 ------w- c:\windows\system32\MpSigStub.exe
2009-12-19 13:18 . 2009-06-04 12:47 36352 ----a-w- c:\windows\system32\tsgqec.dll
2009-12-19 13:18 . 2009-06-04 12:43 1871872 ----a-w- c:\windows\system32\mstscax.dll
2009-12-19 13:18 . 2009-06-04 12:36 116736 ----a-w- c:\windows\system32\aaclient.dll
2009-12-19 13:18 . 2009-03-17 03:16 14848 ----a-w- c:\windows\system32\apilogen.dll
2009-12-19 13:18 . 2009-03-17 03:16 25600 ----a-w- c:\windows\system32\amxread.dll
2009-12-19 13:18 . 2008-08-28 03:24 425472 ----a-w- c:\windows\system32\PhotoMetadataHandler.dll
2009-12-19 13:18 . 2008-08-28 03:22 712704 ----a-w- c:\windows\system32\WindowsCodecs.dll
2009-12-19 13:18 . 2008-08-28 03:22 347648 ----a-w- c:\windows\system32\WindowsCodecsExt.dll
2009-12-19 13:15 . 2009-08-14 17:16 213592 ----a-w- c:\windows\system32\drivers\netio.sys
2009-12-19 13:14 . 2009-06-15 15:29 156160 ----a-w- c:\windows\system32\t2embed.dll
2009-12-19 13:13 . 2009-07-14 13:02 313344 ----a-w- c:\windows\system32\wmpdxm.dll
2009-12-19 13:12 . 2009-08-10 13:08 321536 ----a-w- c:\windows\system32\WSDApi.dll
2009-12-19 12:51 . 2009-09-14 09:50 130048 ----a-w- c:\windows\system32\drivers\srv2.sys
2009-12-19 12:50 . 2009-09-04 12:38 60928 ----a-w- c:\windows\system32\msasn1.dll
2009-12-19 12:50 . 2009-04-02 11:50 604672 ----a-w- c:\windows\system32\WMSPDMOD.DLL
2009-12-19 12:49 . 2009-09-10 15:29 311296 ----a-w- c:\windows\system32\unregmp2.exe
2009-12-19 12:49 . 2009-09-10 17:40 4096 ----a-w- c:\windows\system32\dxmasf.dll
2009-12-19 12:49 . 2009-09-10 17:39 7680 ----a-w- c:\windows\system32\spwmp.dll
2009-12-19 12:49 . 2009-09-10 15:29 8147968 ----a-w- c:\windows\system32\wmploc.DLL
2009-12-18 16:14 . 2009-12-18 16:14 -------- d-----w- c:\programdata\ParetoLogic
2009-12-18 16:14 . 2009-12-18 16:14 -------- d-----w- c:\program files\Common Files\ParetoLogic
2009-12-18 16:14 . 2009-12-18 16:14 -------- d-----w- c:\programdata\XoftSpySE
2009-12-18 16:14 . 2009-12-18 16:14 -------- d-----w- c:\program files\Common Files\XoftSpySE
2009-12-18 16:14 . 2009-12-18 16:14 -------- d-----w- c:\program files\XoftSpySE6
2009-12-17 03:55 . 2009-12-17 03:55 2560 ----a-w- c:\windows\_MSRSTRT.EXE
2009-12-14 22:26 . 2009-12-14 22:26 -------- d-----w- c:\users\The Lefortes\AppData\Roaming\GetRightToGo
2009-12-14 08:21 . 2009-12-18 15:31 -------- d-----w- c:\users\The Lefortes\AppData\Roaming\Skype
2009-12-14 08:20 . 2009-12-14 08:20 -------- d-----w- c:\program files\Common Files\Skype
2009-12-14 08:20 . 2009-12-14 08:21 -------- d-----r- c:\program files\Skype
2009-12-14 08:20 . 2009-12-14 08:20 -------- d-----w- c:\programdata\Skype
2009-12-14 03:04 . 2009-12-18 15:42 -------- d-----w- c:\program files\BitLord

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-01-04 03:29 . 2008-12-20 16:52 -------- d-----w- c:\program files\Cheat Engine
2010-01-04 03:00 . 2007-09-14 03:30 -------- d-----w- c:\programdata\Microsoft Help
2010-01-04 02:32 . 2009-02-28 20:31 -------- d-----w- c:\program files\Diablo II - 1
2009-12-31 01:14 . 2009-03-11 13:00 -------- d-----w- c:\program files\Microsoft SQL Server
2009-12-31 00:50 . 2009-07-03 02:03 680 ----a-w- c:\users\The Lefortes\AppData\Local\d3d9caps.dat
2009-12-30 15:44 . 2009-02-28 21:01 -------- d-----w- c:\program files\Diablo II - 3
2009-12-20 19:22 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Calendar
2009-12-20 19:22 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2009-12-20 19:22 . 2006-11-02 10:25 665600 ----a-w- c:\windows\inf\drvindex.dat
2009-12-20 07:27 . 2009-03-11 11:20 -------- d-----w- c:\program files\Common Files\Merge Modules
2009-12-20 07:27 . 2009-03-11 11:16 -------- d-----w- c:\program files\Microsoft Visual Studio 8
2009-12-20 06:24 . 2007-09-14 03:32 -------- d-----w- c:\program files\Microsoft Works
2009-12-19 23:56 . 2009-09-12 08:40 -------- d-----w- c:\program files\Club Player Casino
2009-12-19 23:56 . 2009-04-14 03:23 -------- d-----w- c:\program files\PECompact2
2009-12-19 13:34 . 2008-11-24 10:31 -------- d-----w- c:\program files\Soulseek
2009-12-18 16:25 . 2008-12-12 10:20 -------- d-----w- c:\program files\Google
2009-12-18 16:23 . 2009-03-14 05:55 -------- d-----w- c:\program files\Pando Networks
2009-12-18 15:48 . 2008-11-17 08:44 -------- d-----w- c:\program files\DivX
2009-12-18 15:46 . 2007-09-14 03:25 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-12-18 15:46 . 2009-03-26 12:31 -------- d-----w- c:\programdata\IJJIGame
2009-12-18 15:45 . 2009-08-24 03:28 -------- d-----w- c:\programdata\BVRP Software
2009-12-18 15:30 . 2009-12-02 06:55 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-12-18 15:29 . 2009-12-02 06:55 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2009-12-17 04:38 . 2008-11-29 12:29 -------- d-----w- c:\program files\StealthBot
2009-12-16 14:58 . 2009-09-17 22:55 -------- d-----w- c:\program files\Digsby
2009-12-14 04:30 . 2008-11-19 22:57 -------- d-----w- c:\users\The Lefortes\AppData\Roaming\LimeWire
2009-11-16 00:18 . 2009-10-31 05:42 -------- d-----w- c:\program files\D2PK3
2009-11-07 04:43 . 2009-11-07 04:43 -------- d-----w- c:\program files\Microsoft
2009-11-05 16:42 . 2009-09-03 03:44 63 ----a-w- c:\users\The Lefortes\jagex_runescape_preferences2.dat
2009-11-05 16:40 . 2008-12-05 11:00 38 ----a-w- c:\users\The Lefortes\jagex_runescape_preferences.dat
2009-10-27 15:05 . 2009-12-19 13:24 832512 ----a-w- c:\windows\system32\wininet.dll
2009-10-27 15:01 . 2009-12-19 13:24 56320 ----a-w- c:\windows\system32\iesetup.dll
2009-10-27 15:01 . 2009-12-19 13:24 78336 ----a-w- c:\windows\system32\ieencode.dll
2009-10-27 15:01 . 2009-12-19 13:24 52736 ----a-w- c:\windows\AppPatch\iebrshim.dll
2009-10-27 14:59 . 2009-12-19 13:24 72704 ----a-w- c:\windows\system32\admparse.dll
2009-10-27 12:27 . 2009-12-19 13:24 26624 ----a-w- c:\windows\system32\ieUnatt.exe
2009-10-27 10:56 . 2009-12-19 13:24 48128 ----a-w- c:\windows\system32\mshtmler.dll
2009-10-13 22:49 . 2009-10-08 23:55 1182089176 ----a-w- c:\users\The Lefortes\AppData\Roaming\ijjigame\U_LUNIA_setup.exe
2009-10-13 07:00 . 2008-11-25 11:45 220926964 ----a-w- c:\users\The Lefortes\AppData\Roaming\ijjigame\U_GUNZ_setup.exe
2009-10-10 22:41 . 2009-09-05 05:00 509708424 ----a-w- c:\users\The Lefortes\AppData\Roaming\ijjigame\U_SFInstaller.exe
2009-10-07 12:47 . 2009-12-19 13:24 232960 ----a-w- c:\windows\system32\rastls.dll
2009-10-07 12:47 . 2009-12-19 13:24 274432 ----a-w- c:\windows\system32\raschap.dll
2008-11-11 01:50 . 2008-11-11 01:50 8192 --sha-w- c:\windows\Users\Default\NTUSER.DAT
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{57BCA5FA-5DBB-45a2-B558-1755C3F6253B}"= "c:\program files\Winamp Toolbar\winamptb.dll" [2008-07-16 1266992]

[HKEY_CLASSES_ROOT\clsid\{57bca5fa-5dbb-45a2-b558-1755c3f6253b}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLTBSearch.1]
[HKEY_CLASSES_ROOT\TypeLib\{538CD77C-BFDD-49b0-9562-77419CAB89D1}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLTBSearch]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{da21bd13-ca22-42e3-a071-98f08f1ca1e7}]
2009-07-05 12:09 2215960 ----a-w- c:\program files\Peer2Peer-EN\tbPee1.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{da21bd13-ca22-42e3-a071-98f08f1ca1e7}"= "c:\program files\Peer2Peer-EN\tbPee1.dll" [2009-07-05 2215960]
"{3041d03e-fd4b-44e0-b742-2d9b88305f98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2009-04-02 333192]

[HKEY_CLASSES_ROOT\clsid\{da21bd13-ca22-42e3-a071-98f08f1ca1e7}]

[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{DA21BD13-CA22-42E3-A071-98F08F1CA1E7}"= "c:\program files\Peer2Peer-EN\tbPee1.dll" [2009-07-05 2215960]

[HKEY_CLASSES_ROOT\clsid\{da21bd13-ca22-42e3-a071-98f08f1ca1e7}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2006-11-02 125440]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-11-02 201728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Acer Product Registration"="c:\program files\Acer Registration\ACE1.exe" [2007-10-15 3387392]
"shawnotify"="c:\progra~1\shaw\update\siuloader.exe" [2009-05-11 378152]
"UnlockerAssistant"="c:\program files\Unlocker\UnlockerAssistant.exe" [2008-05-02 15872]

c:\users\The Lefortes\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2007-12-7 101440]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Shaw Support.lnk - c:\program files\shaw\bin\shawsupport.exe [2009-7-28 1246504]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=c:\windows\pss\Adobe Reader Speed Launch.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Digsby.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Digsby.lnk
backup=c:\windows\pss\Digsby.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Empowering Technology Launcher.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Empowering Technology Launcher.lnk
backup=c:\windows\pss\Empowering Technology Launcher.lnk.CommonStartup
backupExtension=.CommonStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acer Assist Launcher]
2007-02-02 18:05 1261568 ----a-w- c:\program files\Acer Assist\launcher.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acer Empowering Technology Monitor]
2007-05-31 23:35 326440 ----a-w- c:\acer\Empowering Technology\SysMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeCS4ServiceManager]
2008-08-14 15:58 611712 ----a-w- c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitTorrent DNA]
2009-07-07 09:22 323392 ----a-w- c:\program files\DNA\btdna.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccApp]
2006-11-21 04:44 107112 ----a-w- c:\program files\Common Files\Symantec Shared\ccApp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
2008-12-29 10:40 687560 ----a-w- c:\program files\DAEMON Tools Lite\daemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2009-07-13 19:03 292128 ----a-w- c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
2009-07-26 22:44 3883856 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Orb]
2008-04-01 01:54 507904 ----a-w- c:\program files\Winamp Remote\bin\OrbTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\osCheck]
2006-11-21 04:42 22696 ----a-w- c:\program files\Norton Internet Security\osCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2009-05-26 22:18 413696 ----a-w- c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RtHDVCpl]
2007-06-20 08:56 4493312 ----a-w- c:\windows\RtHDVCpl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SiSTray]
2007-06-05 11:07 548864 ----a-w- c:\program files\SiS VGA Utilities\SiSTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2009-10-09 22:47 25623336 ----a-r- c:\program files\Skype\Phone\Skype.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Symantec PIF AlertEng]
2008-01-30 01:38 583048 ----a-w- c:\program files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
2007-09-14 03:17 1006264 ----a-w- c:\program files\Windows Defender\MSASCui.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\XoftSpySE]
2009-10-23 21:58 4854040 ----a-w- c:\program files\XoftSpySE6\XoftSpySE.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

R1 IDSvix86;Symantec Intrusion Prevention Driver;c:\progra~2\Symantec\DEFINI~1\SymcData\idsdefs\20090129.001\IDSvix86.sys [30/01/2009 12:37 PM 270384]
R2 a2free;a-squared Free Service;c:\program files\a-squared Free\a2service.exe [19/12/2009 2:06 PM 1858144]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [14/02/2009 11:57 AM 99376]
R3 SiS6350;SiS6350;c:\windows\System32\drivers\SISGRKMD.sys [13/09/2007 8:53 PM 454520]
R3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;c:\windows\System32\drivers\SiSGB6.sys [13/09/2007 8:53 PM 46592]
R3 SYMNDISV;SYMNDISV;c:\windows\System32\drivers\symndisv.sys [03/10/2008 4:14 PM 37936]
S0 sptd;sptd;c:\windows\System32\drivers\sptd.sys [11/03/2009 4:49 AM 717296]
S3 motccgp;Motorola USB Composite Device Driver;c:\windows\System32\drivers\motccgp.sys [02/11/2007 4:36 PM 18176]
S3 motccgpfl;MotCcgpFlService;c:\windows\System32\drivers\motccgpfl.sys [23/01/2007 9:03 PM 7680]
S3 motport;Motorola USB Diagnostic Port;c:\windows\System32\drivers\motport.sys [18/06/2007 4:18 PM 23680]
S3 NPF;NetGroup Packet Filter Driver;c:\windows\System32\drivers\npf.sys [02/08/2005 3:10 PM 32512]
S3 XoftSpyService;XoftSpyService;c:\program files\Common Files\XoftSpySE\6\xoftspyservice.exe [23/10/2009 3:58 PM 582424]
S4 ASKUpgrade;ASKUpgrade;c:\program files\AskBarDis\bar\bin\ASKUpgrade.exe [21/06/2009 5:51 PM 234888]
S4 gupdate1c9f14d10769b10;Google Update Service (gupdate1c9f14d10769b10);c:\program files\Google\Update\GoogleUpdate.exe [19/06/2009 8:16 PM 133104]
S4 msvsmon80;Visual Studio 2005 Remote Debugger;c:\program files\Microsoft Visual Studio 8\Common7\IDE\Remote Debugger\x86\msvsmon.exe [23/09/2005 6:01 AM 2799808]
S4 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des -service --> c:\windows\system32\GameMon.des -service [?]
S4 TeamViewer4;TeamViewer 4;c:\program files\TeamViewer\Version4\TeamViewer_Service.exe [27/02/2009 10:07 AM 185640]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - COMHOST
.
Contents of the 'Scheduled Tasks' folder

2010-01-04 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-06-20 02:15]

2010-01-04 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-06-20 02:15]

2009-12-12 c:\windows\Tasks\Norton Internet Security - Run Full System Scan - The Lefortes.job
- c:\progra~1\NORTON~1\NORTON~1\Navw32.exe [2006-11-21 04:41]

2009-12-18 c:\windows\Tasks\ParetoLogic Update Version3.job
- c:\program files\Common Files\ParetoLogic\UUS3\Pareto_Update3.exe [2009-10-23 21:58]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/
mStart Page = hxxp://start.shaw.ca
mWindow Title = Internet Explorer Provided by SHAW Internet
IE: &AIM Toolbar Search - c:\programdata\AIM Toolbar\ieToolbar\resources\en-US\local\search.html
IE: &Winamp Search - c:\programdata\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\users\The Lefortes\AppData\Roaming\Mozilla\Firefox\Profiles\n90bpjah.default\
FF - prefs.js: browser.search.defaulturl - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2706&invocationType=tb50fftrie7&query=
FF - prefs.js: browser.search.selectedEngine - Ask
FF - prefs.js: browser.startup.homepage - yahoo.com|forums.d2jsp.org
FF - prefs.js: keyword.URL - hxxp://toolbar.ask.com/toolbarv/askRedirect?o=13917&gct=&gc=1&q=
FF - plugin: c:\program files\Google\Google Updater\2.4.1601.7122\npCIDetect13.dll
FF - plugin: c:\program files\Google\Update\1.2.183.13\npGoogleOneClick8.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npViewpoint.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Media Player\npViewpoint.dll
.
- - - - ORPHANS REMOVED - - - -

BHO-{4B63C1DF-F1A6-411f-B218-4EB07EDD3C2B} - c:\progra~1\GREATD~1\GREATD~1.DLL
BHO-{7c5c0f58-e061-457d-9033-77307f5ed00c} - (no file)
Toolbar-{7c5c0f58-e061-457d-9033-77307f5ed00c} - (no file)
HKCU-Run-Aim6 - (no file)
HKLM-Run-Acer Tour - (no file)
HKLM-Run-Setresolution - c:\acersw\config\1680x1050.cmd
HKLM-Run-eRecoveryService - (no file)
HKU-Default-Run-Acer Tour Reminder - c:\acer\AcerTour\Reminder.exe
MSConfigStartUp-Acer Tour Reminder - c:\acer\AcerTour\Reminder.exe
MSConfigStartUp-eDataSecurity Loader - c:\acer\Empowering Technology\eDataSecurity\eDSloader.exe
MSConfigStartUp-Pando Media Booster - c:\program files\Pando Networks\Media Booster\PMB.exe
MSConfigStartUp-PCMMediaSharing - c:\program files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\PCMMediaSharing.exe
MSConfigStartUp-swg - c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
MSConfigStartUp-uTorrent - c:\program files\uTorrent\uTorrent.exe
AddRemove-alotToolbar - c:\program files\alot\alotUninst.exe
AddRemove-Shaw Uninstaller - c:\program files\shaw\bin\Uninstall.EXE
AddRemove-{AEEAE013-92F1-4515-B278-139F1A692A36} - c:\acer\Empowering Technology\eDataSecurity\eDSnstHelper.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-01-03 21:31
Windows 6.0.6000 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2010-01-03 21:36:10
ComboFix-quarantined-files.txt 2010-01-04 03:36

Pre-Run: 10,740,772,864 bytes free
Post-Run: 11,801,468,928 bytes free

- - End Of File - - 57B169C738BE53A61DBF090E36B4C18E

#8 myrti
Malware Study Hall Admin

Posted 09 January 2010 - 06:45 PM

How are you not able to connect to the internet? What error message do you get? Is the behaviour for Firefox and Internet Explorer the same?

They are showing a lot of proxy entries in Firefox; have you set them (e.g. for diablo.com or ollydbg.de)?

The logs aren't really showing any obvious signs of infections.

I would like to see a log from gmer next:

Please download GMER from one of the following locations and save it to your desktop:
  • Main Mirror
    This version will download a randomly named file (Recommended)
  • Zipped Mirror
    This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.
  • Disconnect from the Internet and close all running programs.
  • Temporarily disable any real-time active protection so your security programs will not conflict with GMER's driver.
  • Double-click on the randomly named GMER file (e.g. n7gmo46c.exe) and allow the gmer.sys driver to load if asked.
  • Note: If you downloaded the zipped version, extract the file to its own folder such as C:\gmer and then double-click on gmer.exe.

  • GMER will open to the Rootkit/Malware tab and perform an automatic quick scan when first run. (do not use the computer while the scan is in progress)
  • If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO.
  • Now click the Scan button. If you see a rootkit warning window, click OK.
  • When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.
  • Click the Copy button and paste the results into your next reply.
  • Exit GMER and re-enable all active protection when done.
-- If you encounter any problems, try running GMER in Safe Mode.

regards myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

 

Follow BleepingComputer on: Facebook | Twitter | Google+
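Once gmer.log is saved, the useful next step for whoever reads it is to sort its hook lines by the module responsible for them. The Python script below is an added example written for this page; it is not GMER's code and not something the participants in this thread ran. It parses the kernel IAT/EAT and code-section lines of a GMER 1.0.15 log into records and then flags, per module: hook targets that GMER reported as not present on disk (the "? ... The system cannot find the path specified. !" line), IAT slots whose value GMER could not attribute to any module, modified bytes in a module's .text section, and, as a weak hint only, eight-letter lowercase driver names. The sample log embedded in the script is a subset of the GMER output posted later in this thread; the severity levels and flagging rules are choices made for this example, not GMER verdicts, and user-mode IAT lines are deliberately skipped.

```python
"""Triage a GMER 1.0.15 rootkit-scan log by module.

Added example for this page, not GMER's own code. The flagging rules and
severity levels are choices made here; treat the output as a worklist.
"""
import re
import sys
from collections import defaultdict

# Constructed sample: a subset of the kernel-mode lines from the GMER log
# posted in this thread. User-mode "IAT C:\...\Explorer.EXE[pid] @ ..." lines
# do not match the patterns below and are skipped.
SAMPLE_LOG = r"""
---- System - GMER 1.0.15 ----

SSDT 84BDD8C0 ZwConnectPort

---- Kernel code sections - GMER 1.0.15 ----

.text ntoskrnl.exe!_alloca_probe + 104 81C55F54 4 Bytes [C0, D8, BD, 84]
? System32\Drivers\spui.sys The system cannot find the path specified. !
.text USBPORT.SYS!DllUnload 88080FEB 2 Bytes JMP 849EB1D8
.text armxoeax.SYS 88FCB000 22 Bytes [1A, B2, F9, 81, 04, B1, F9, ...]

---- Kernel IAT/EAT - GMER 1.0.15 ----

IAT \SystemRoot\System32\Drivers\SCSIPORT.SYS[ntoskrnl.exe!DbgBreakPoint] 83B4E2D8
IAT \SystemRoot\system32\drivers\pci.sys[ntoskrnl.exe!IoDetachDevice] [84F32C4C] \SystemRoot\System32\Drivers\spui.sys
IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortWritePortUchar] [84F026D2] \SystemRoot\System32\Drivers\spui.sys
IAT \SystemRoot\System32\Drivers\armxoeax.SYS[ataport.SYS!AtaPortNotification] CC000CC2
IAT \SystemRoot\System32\Drivers\armxoeax.SYS[ataport.SYS!AtaPortWritePortUchar] 83EC8B55
IAT \SystemRoot\System32\Drivers\armxoeax.SYS[ataport.SYS!AtaPortReadPortUchar] [8957046A] \SystemRoot\System32\Drivers\SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
IAT \SystemRoot\system32\DRIVERS\i8042prt.sys[HAL.dll!READ_PORT_UCHAR] [84F12048] \SystemRoot\System32\Drivers\spui.sys
"""

HIGH, MEDIUM, LOW = 3, 2, 1
SEV_NAME = {HIGH: "HIGH", MEDIUM: "MED", LOW: "LOW"}

# "? <path> The system cannot find the path specified. !"
MISSING_RE = re.compile(r"^\?\s+(?P<path>\S+)\s+The system cannot find the path specified")
# "IAT <owner>[<dll!func>] [<addr>] <target> (<description>)"  or  "IAT <owner>[<dll!func>] <raw>"
KIAT_RE = re.compile(
    r"^IAT\s+(?P<owner>[^\[\s]+)\[(?P<imp>[^\]]+)\]\s+"
    r"(?:\[(?P<addr>[0-9A-F]{8})\]\s+(?P<target>\S+)(?:\s+\((?P<desc>[^)]*)\))?"
    r"|(?P<raw>[0-9A-F]{8}))\s*$"
)
# ".text <module>[!<symbol>[ + <off>]] <addr> <n> Bytes ..."
PATCH_RE = re.compile(
    r"^\.text\s+(?P<module>[^\s!]+)(?:!(?P<sym>\S+))?(?:\s+\+\s+[0-9A-Fa-f]+)?"
    r"\s+(?P<addr>[0-9A-F]{8})\s+(?P<n>\d+)\s+Bytes"
)


def basename(path):
    return path.replace("/", "\\").rsplit("\\", 1)[-1]


def parse_gmer(text):
    """Return {'missing': set, 'hooks': [...], 'patches': [...]} from log text."""
    missing, hooks, patches = set(), [], []
    for line in text.splitlines():
        line = line.strip()
        if m := MISSING_RE.match(line):
            missing.add(basename(m["path"]).lower())
        elif m := KIAT_RE.match(line):
            hooks.append({"owner": basename(m["owner"]), "imp": m["imp"],
                          "target": basename(m["target"]) if m["target"] else None,
                          "desc": m["desc"], "raw": m["raw"]})
        elif m := PATCH_RE.match(line):
            patches.append({"module": m["module"], "sym": m["sym"],
                            "addr": m["addr"], "n": int(m["n"])})
    return {"missing": missing, "hooks": hooks, "patches": patches}


def triage(text):
    """Map lower-cased module name -> list of (severity, reason)."""
    parsed = parse_gmer(text)
    findings, shown = defaultdict(list), {}

    def note(name, sev, msg):
        shown.setdefault(name.lower(), name)
        findings[name.lower()].append((sev, msg))

    for h in parsed["hooks"]:
        if h["raw"] is not None:
            # Import slot overwritten with a value GMER cannot attribute to any module.
            note(h["owner"], MEDIUM, f"IAT slot {h['imp']} -> {h['raw']} (no owning module)")
        elif h["target"].lower() in parsed["missing"]:
            note(h["target"], HIGH, f"hooks {h['owner']}!{h['imp']} but is not present on disk")
        elif not h["desc"]:
            note(h["target"], LOW, f"hooks {h['owner']}!{h['imp']} and has no version/vendor string")
    for p in parsed["patches"]:
        note(p["module"], LOW, f"{p['n']} bytes modified in .text at {p['addr']} ({p['sym'] or 'unnamed region'})")
    # Weak hint only: random eight-letter lowercase .sys names are common for droppers,
    # but a legitimate driver can match this pattern too.
    for key, name in shown.items():
        stem, _, ext = name.rpartition(".")
        if ext.lower() == "sys" and re.fullmatch(r"[a-z]{8}", stem):
            findings[key].append((LOW, "eight-letter lowercase driver name (weak hint only)"))
    return dict(findings)


def rank(findings):
    """Modules ordered by worst severity, then number of findings, then name."""
    order = lambda kv: (-max(s for s, _ in kv[1]), -len(kv[1]), kv[0])
    return [m for m, _ in sorted(findings.items(), key=order)]


if __name__ == "__main__":
    log = open(sys.argv[1], errors="replace").read() if len(sys.argv) > 1 else SAMPLE_LOG
    result = triage(log)
    for mod in rank(result):
        print(mod)
        for sev, reason in result[mod]:
            print(f"  [{SEV_NAME[sev]}] {reason}")
```

Run it as-is to print the ranked report for the embedded sample, or pass a saved gmer.log path on the command line. A module at the top of the ranking is a starting point for investigation, not a conviction: a legitimate security product's driver, such as the Symantec SYMTDI.SYS line in the sample, appears as a hook target too, and the script leaves it unflagged only because GMER could read its version string and found the file on disk.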


#9 Regicide
Topic Starter

Posted 09 January 2010 - 06:47 PM

I provided screenshots of what error I'm getting in IE and Firefox. I also provided the screenshot of the fake Windows Update, plus the csrss.exe size being too big.

Also, I cannot use MSN or Digsby or connect to online play with Diablo II (a video game).

I haven't touched proxy settings for IE or Firefox.

I will download GMER and use it now though.

#10 myrti
Malware Study Hall Admin

Posted 09 January 2010 - 07:18 PM

Hi,

could you please check if you can open diablo.com in Firefox, just to see if the proxy is working. Could you tell me how you access the internet, do you use a router?

Please try to run the Firefox safe-mode, this will disable all add-ons and settings: support.mozilla.com/kb/Safe+Mode
Can you access the internet then?

regards myrti



#11 Regicide
Topic Starter

Posted 10 January 2010 - 12:33 PM

Hi,

could you please check if you can open diablo.com in Firefox, just to see if the proxy is working. Could you tell me how you access the internet, do you use a router?

Please try to run the Firefox safe-mode, this will disable all add-ons and settings: support.mozilla.com/kb/Safe+Mode
Can you access the internet then?

regards myrti


I do use a router. Also I am using Firefox currently, in Safe Mode with Networking.

GMER crashed after 5 hours of running (I waited the rest of the night and it was still frozen after 11 hours).

So I will try it once more, in Safe Mode (just Safe Mode, not with networking).

I can try it again later as well, under Normal Mode. I have a suspicion that something interfered with GMER causing it to freeze.

edit: I am on the computer that is infected. I do not have another computer. The only way I can access my internet connection is with Safe Mode with Networking. If I go onto Normal Mode, it shows that I am connected but I can't surf, use MSN, nothing. Any program that uses the internet connection complains that I am somehow "not connected".

Edited by Regicide, 10 January 2010 - 12:35 PM.


#12 myrti
Malware Study Hall Admin

Posted 10 January 2010 - 12:44 PM

Hi,

I wanted you to run the safe-mode from Firefox in normal mode, which is not the same as running Firefox in the Windows safe-mode.

Can you open your command prompt:
  • click on Start
  • select Run
  • enter cmd and hit Enter
  • a black window will open.
  • please enter the following text into that window and hit Enter:
    ipconfig /all >%temp%\tmp.txt && %temp%\tmp.txt
  • a log file will open. Please save that log and post the content in your next reply.
If you do not have the Run command in your Start menu:
Please right-click on your taskbar, select Properties, select the Start Menu tab, click on Customize, tick the Display Run checkbox and click OK.


This should show us if your internet connection has the correct settings. If those are fine, I would like to try to ping your router from normal mode. Do you know the IP of your router?

regards myrti



#13 Regicide
Topic Starter

Posted 10 January 2010 - 09:49 PM

Hi there. Sorry for the delay in responding. I am actually still running the GMER scan on my computer. I now have access to my mom's work laptop with internet. I watched it rapidly scan the Program Files and System32 folders; now it's taking its time with some other stuff in C:\Windows\winsxs. Once it's finished I'll save the log, and run Firefox as you instructed, using the Firefox safe-mode (I misread earlier, but it's clear now, sorry about that).

Edited by Regicide, 10 January 2010 - 09:51 PM.


#14 Regicide
Topic Starter

Posted 11 January 2010 - 12:52 AM

Hello. I tried to hit "Save..." on GMER but it has now frozen on me. Could it be the virus interfering, or does it just slow down/crash when it's been scanning for so long? It seemed smooth when I first started the scan, but now it's been unresponsive for over an hour...

#15 Regicide
Topic Starter

Posted 11 January 2010 - 01:49 AM

OK. I managed to gather this from running in Normal Mode, just before my computer froze again.



GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-01-11 00:38:49
Windows 6.0.6000
Running: 6ugg929g.exe; Driver: C:\Users\THELEF~1\AppData\Local\Temp\awldyaow.sys


---- System - GMER 1.0.15 ----

SSDT 84BDD8C0 ZwConnectPort

INT 0x72 ? 83B4FBF8
INT 0x82 ? 83B4FBF8
INT 0x83 ? 849EBBF8
INT 0x93 ? 849EBBF8
INT 0xA3 ? 849EBBF8

---- Kernel code sections - GMER 1.0.15 ----

.text ntoskrnl.exe!_alloca_probe + 104 81C55F54 4 Bytes [C0, D8, BD, 84]
? System32\Drivers\spui.sys The system cannot find the path specified. !
.text USBPORT.SYS!DllUnload 88080FEB 2 Bytes JMP 849EB1D8
.text USBPORT.SYS!DllUnload + 3 88080FEE 2 Bytes CALL 9104A694
.text armxoeax.SYS 88FCB000 22 Bytes [1A, B2, F9, 81, 04, B1, F9, ...]
.text armxoeax.SYS 88FCB017 45 Bytes [00, 99, 47, 48, 80, A4, 45, ...]
.text armxoeax.SYS 88FCB045 91 Bytes [A4, C4, 81, A9, 02, C7, 81, ...]
.text armxoeax.SYS 88FCB0A1 43 Bytes [5F, C3, 81, A0, 39, C4, 81, ...]
.text armxoeax.SYS 88FCB0CE 10 Bytes [00, 00, 00, 00, 00, 00, 6A, ...]
.text ...

---- Kernel IAT/EAT - GMER 1.0.15 ----

IAT \SystemRoot\System32\Drivers\SCSIPORT.SYS[ntoskrnl.exe!DbgBreakPoint] 83B4E2D8
IAT \SystemRoot\system32\drivers\pci.sys[ntoskrnl.exe!IoDetachDevice] [84F32C4C] \SystemRoot\System32\Drivers\spui.sys
IAT \SystemRoot\system32\drivers\pci.sys[ntoskrnl.exe!IoAttachDeviceToDeviceStack] [84F32CA0] \SystemRoot\System32\Drivers\spui.sys
IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortWritePortUchar] [84F026D2] \SystemRoot\System32\Drivers\spui.sys
IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortReadPortUchar] [84F02040] \SystemRoot\System32\Drivers\spui.sys
IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortWritePortBufferUshort] [84F027FC] \SystemRoot\System32\Drivers\spui.sys
IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortReadPortUshort] [84F020BE] \SystemRoot\System32\Drivers\spui.sys
IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortReadPortBufferUshort] [84F0213C] \SystemRoot\System32\Drivers\spui.sys
IAT \SystemRoot\system32\drivers\ataport.SYS[ntoskrnl.exe!DbgBreakPoint] 83B4F2D8
IAT \SystemRoot\system32\DRIVERS\USBPORT.SYS[ntoskrnl.exe!DbgBreakPoint] 849EB2D8
IAT \SystemRoot\System32\Drivers\armxoeax.SYS[ataport.SYS!AtaPortNotification] CC000CC2
IAT \SystemRoot\System32\Drivers\armxoeax.SYS[ataport.SYS!AtaPortWritePortUchar] 83EC8B55
IAT \SystemRoot\System32\Drivers\armxoeax.SYS[ataport.SYS!AtaPortWritePortUlong] 575320EC
IAT \SystemRoot\System32\Drivers\armxoeax.SYS[ataport.SYS!AtaPortGetPhysicalAddress] 458DFF33
IAT \SystemRoot\System32\Drivers\armxoeax.SYS[ataport.SYS!AtaPortConvertPhysicalAddressToUlong] 8D5750FC
IAT \SystemRoot\System32\Drivers\armxoeax.SYS[ataport.SYS!AtaPortGetScatterGatherList] 5750F845
IAT \SystemRoot\System32\Drivers\armxoeax.SYS[ataport.SYS!AtaPortReadPortUchar] [8957046A] \SystemRoot\System32\Drivers\SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
IAT \SystemRoot\System32\Drivers\armxoeax.SYS[ataport.SYS!AtaPortStallExecution] 75E8FC7D
IAT \SystemRoot\System32\Drivers\armxoeax.SYS[ataport.SYS!AtaPortGetParentBusType] BB0001E8
IAT \SystemRoot\System32\Drivers\armxoeax.SYS[ataport.SYS!AtaPortRequestCallback] 000000EA
IAT \SystemRoot\System32\Drivers\armxoeax.SYS[ataport.SYS!AtaPortWritePortBufferUshort] 850FC33B
IAT \SystemRoot\System32\Drivers\armxoeax.SYS[ataport.SYS!AtaPortGetUnCachedExtension] 0000012B
IAT \SystemRoot\System32\Drivers\armxoeax.SYS[ataport.SYS!AtaPortCompleteRequest] 0FFC7D39
IAT \SystemRoot\System32\Drivers\armxoeax.SYS[ataport.SYS!AtaPortReleaseRequestSenseIrb] 00012284
IAT \SystemRoot\System32\Drivers\armxoeax.SYS[ataport.SYS!AtaPortBuildRequestSenseIrb] 458D5600
IAT \SystemRoot\System32\Drivers\armxoeax.SYS[ataport.SYS!AtaPortMoveMemory] 106A50F4
IAT \SystemRoot\System32\Drivers\armxoeax.SYS[ataport.SYS!AtaPortReadPortUshort] 38335668
IAT \SystemRoot\System32\Drivers\armxoeax.SYS[ataport.SYS!AtaPortReadPortBufferUshort] FC75FF36
IAT \SystemRoot\System32\Drivers\armxoeax.SYS[ataport.SYS!AtaPortCompleteAllActiveRequests] D1E85757
IAT \SystemRoot\System32\Drivers\armxoeax.SYS[ataport.SYS!AtaPortInitialize] 8B0001E7
IAT \SystemRoot\System32\Drivers\armxoeax.SYS[ataport.SYS!AtaPortGetDeviceBase] 1BDEF7F0
IAT \SystemRoot\System32\Drivers\armxoeax.SYS[ataport.SYS!AtaPortDeviceStateChange] 23D6F7F6
IAT \SystemRoot\System32\Drivers\armxoeax.SYS[NTOSKRNL.exe!KeTickCount] FFFFF104
IAT \SystemRoot\system32\DRIVERS\i8042prt.sys[HAL.dll!READ_PORT_UCHAR] [84F12048] \SystemRoot\System32\Drivers\spui.sys
IAT \SystemRoot\system32\DRIVERS\storport.sys[ntoskrnl.exe!DbgBreakPoint] 848D45E0

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\Windows\Explorer.EXE[1976] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCloneImage] [743FFBC8] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6000.16782_none_9ea1072ec96e0be7\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1976] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDrawImageRectI] [743CB9AA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6000.16782_none_9ea1072ec96e0be7\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1976] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetInterpolationMode] [743BA31F] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6000.16782_none_9ea1072ec96e0be7\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1976] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetCompositingMode] [743BCBFF] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6000.16782_none_9ea1072ec96e0be7\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1976] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateFromHDC] [743B8AB2] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6000.16782_none_9ea1072ec96e0be7\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1976] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStream] [743CCF28] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6000.16782_none_9ea1072ec96e0be7\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1976] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageHeight] [743B7D98] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6000.16782_none_9ea1072ec96e0be7\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1976] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageWidth] [743B7CFF] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6000.16782_none_9ea1072ec96e0be7\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1976] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDisposeImage] [743B6A64] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6000.16782_none_9ea1072ec96e0be7\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1976] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFileICM] [7444C1D8] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6000.16782_none_9ea1072ec96e0be7\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1976] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFile] [743D7F56] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6000.16782_none_9ea1072ec96e0be7\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1976] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDeleteGraphics] [743B90CD] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6000.16782_none_9ea1072ec96e0be7\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1976] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipFree] [743C2179] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6000.16782_none_9ea1072ec96e0be7\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1976] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipAlloc] [743C21A4] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6000.16782_none_9ea1072ec96e0be7\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1976] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusShutdown] [743C7F1C] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6000.16782_none_9ea1072ec96e0be7\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1976] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusStartup] [743C7D3E] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6000.16782_none_9ea1072ec96e0be7\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1976] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStreamICM] [743F83D5] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6000.16782_none_9ea1072ec96e0be7\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs 83B541F8
Device \Driver\netbt \Device\NetBT_Tcpip_{AE688BBD-6991-4C08-8412-D09CE60F4D74} 89A78360
Device \Driver\volmgr \Device\VolMgrControl 83B511F8
Device \Driver\usbohci \Device\USBPDO-0 8484B500
Device \Driver\usbohci \Device\USBPDO-1 8484B500
Device \Driver\usbehci \Device\USBPDO-2 848B41F8

AttachedDevice \Driver\tdx \Device\Tcp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)

Device \Driver\sptd \Device\3213215552 spui.sys
Device \Driver\volmgr \Device\HarddiskVolume1 83B511F8
Device \Driver\volmgr \Device\HarddiskVolume2 83B511F8
Device \Driver\cdrom \Device\CdRom0 848561F8
Device \Driver\volmgr \Device\HarddiskVolume3 83B511F8
Device \Driver\cdrom \Device\CdRom1 848561F8
Device \Driver\atapi \Device\Ide\IdeDeviceP2T0L0-2 83B531F8
Device \Driver\atapi \Device\Ide\IdePort0 83B531F8
Device \Driver\atapi \Device\Ide\IdePort1 83B531F8
Device \Driver\atapi \Device\Ide\IdePort2 83B531F8
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-1 83B531F8
Device \Driver\USBSTOR \Device\00000073 89B26500
Device \Driver\USBSTOR \Device\00000074 89B26500
Device \Driver\volmgr \Device\HarddiskVolume4 83B511F8
Device \Driver\USBSTOR \Device\00000075 89B26500
Device \Driver\volmgr \Device\HarddiskVolume5 83B511F8
Device \Driver\USBSTOR \Device\00000076 89B26500
Device \Driver\volmgr \Device\HarddiskVolume6 83B511F8
Device \Driver\USBSTOR \Device\00000077 89B26500
Device \Driver\volmgr \Device\HarddiskVolume7 83B511F8
Device \Driver\netbt \Device\NetBt_Wins_Export 89A78360
Device \Driver\Smb \Device\NetbiosSmb 89AD81F8
Device \Driver\iScsiPrt \Device\RaidPort0 848D71F8

AttachedDevice \Driver\tdx \Device\Udp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)

Device \Driver\PCI_PNP7544 \Device\0000005d spui.sys
Device \Driver\usbohci \Device\USBFDO-0 8484B500
Device \Driver\usbohci \Device\USBFDO-1 8484B500
Device \Driver\usbehci \Device\USBFDO-2 848B41F8
Device \Driver\armxoeax \Device\Scsi\armxoeax1 849741F8
Device \Driver\armxoeax \Device\Scsi\armxoeax1Port4Path0Target0Lun0 849741F8
Device \FileSystem\cdfs \Cdfs A193E1F8

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 771343423
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2 285507792
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x06 0xAB 0x87 0x56 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x3B 0x09 0x24 0x58 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0xA8 0x56 0x04 0x49 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x06 0xAB 0x87 0x56 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x3B 0x09 0x24 0x58 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0xA8 0x56 0x04 0x49 ...



